Microsoft launches bug bounty for Office previews

By

Testers have three months to score up to US$15,000.

Microsoft is inviting early adopters to hunt for vulnerabilities in initial builds of its Office productivity suite via a new bounty program.

Microsoft launches bug bounty for Office previews

Under the Microsoft Office Insider Builds on Windows Bounty Program, researchers who find reproducible vulnerabilities in the company's productivity suite can earn up to US$15,000 (A$19,480).

That amount is paid for vulnerabilites that allow for Office Protected View sandbox escapes, and macro execution through bypassing security policies in Word, Excel and Powerpoint.

The discovery of vulnerabilties that bypass the automatic attachment block policies in Outlook reaps rewards of up to US$9,000 (A$11,700) for each flaw.

Researchers must submit a proof of concept for their submitted vulnerabilties, and Microsoft will dock thousands off the payout if the report is of low quality.

The Office Insider bug bounty program will run from today until June 15 US time.

Microsoft's trustworthy computing team said the new program will complement its internal testing. 

The company currently operates seven different bug bounty programs. Of those, the biggest rewards are found in the mitigation bypass program, which solicits entries for novel exploitation techniques for Windows, and the related bounty for defence scheme, which offers up to US$100,000 per flaw.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors

Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul

Exetel fined $694k over system 'vulnerability' for mobile number porting

Exetel fined $694k over system 'vulnerability' for mobile number porting

Log In

  |  Forgot your password?