Microsoft|Apr 4, 2021

Microsoft elevates Teams' importance by offering top-dollar bug bounties

Share on

The company has launched a new bug bounty program for Teams that offers as much as $30,000 to security researchers for previously-unknown vulnerabilities. It's a sign of the software's growing importance.


There's nothing like $30,000 to show that an app has made it to the big time.

Microsoft last week underscored the importance of Teams to its current and future strategic planning by inaugurating a new bug bounty program that will offer up to $30,000 — twice the maximum of any Office application — to security researchers for reporting previously-unknown vulnerabilities.

Out the gate, the new program, carrying the prosaic label "Microsoft Applications Bounty Program," focused exclusively on the Teams desktop client. Other applications will be brought into the program, Microsoft said, though no timeline was given.

In an online document that detailed the new bug bounty program, Microsoft listed five specific scenarios — "high-impact," the company said — that came with rewards from $6,000 to $30,000. The largest bounty was for vulnerabilities described as "remote code execution (native code in the context of the current user) with no user interaction."

Flaws in Teams that led to an "ability to obtain authentication credentials for other users*(note: does not include phishing)" would rate a maximum of $15,000.

A rate sheet of general bugs — from remote code execution vulnerabilities to spoofing or tampering — was also included, with rewards ranging from $500 to $15,000, depending on the severity of the flaw, and the quality and thoroughness of the finder's reporting.

In comparison, Microsoft's bounties in its "Office Insider Builds on Windows" program max out at $15,000. The only other application for which Microsoft cuts bounty checks as large as $30,000 is its Edge browser. (Microsoft also listed $30,000 as the maximum for vulnerabilities in the Windows Defender Application Guard, which isn't an app per se, but a security feature within Windows.)

One can get a broad idea of the importance Microsoft places on the various parts of its software ecosystem by eyeing the rate sheets for its numerous bounty programs. While the new Teams rewards are top-tier for an application, they're dwarfed by the $100,000 maximums for Windows and its identity services.

A complete list of all Microsoft's bounty programs can be found here.


comments powered by Disqus


New threat: False data security

IT|Apr 22, 2021

Now the top game is free for Playstation 4

IT|Apr 21, 2021

CBOMB: Play Station will stop working

IT|Apr 20, 2021

Finally fixes bugs that could herp Windows 10 disks

Microsoft|Apr 19, 2021

Huawei launches 6G in 2030: 50x faster than 5G

IT|Apr 18, 2021

Did you know that the iPhone can save you even if the battery is dead?

Apple|Apr 17, 2021

BIG Android 12 leak: Google is copying this from Apple, and that's fine

Google|Apr 16, 2021

This is probably the latest iOS 14.5 beta

Apple|Apr 15, 2021

Are you running this version of Windows? Now you need to update - new Windows update released

Microsoft|Apr 14, 2021

Linux support for Apple's M1 in June

Apple|Apr 13, 2021

Do you need a washing machine for your earplugs?

IT|Apr 12, 2021

Secret FBI agent reveals bomb plots to paralyze internet

General|Apr 11, 2021

Apple gets ready to launch its Find My ecosystem (updated)

Apple|Apr 10, 2021

2 colossal Chrome OS changes to keep an eye on

Google|Apr 9, 2021

YouTube to share how often someone watches "offensive content"

IT|Apr 8, 2021