Knowledge base

March 26, 2021

Microsoft offers rewards for security flaws in Microsoft Teams

Microsoft launches a new Applications Bounty Program , and the first application they want researchers to find bugs is Microsoft Teams, the popular business communications platform.

About Microsoft Teams

Microsoft Teams offers chat in the workspace, VoIP and video conferencing, file sharing via chats and meetings.

How do you create Breakout Rooms in Teams?

Like other video conferencing and communication solutions, Microsoft Teams received a significant boost with the arrival of the Covid-19 outbreak, fueled by the need for companies to stay connected with their employees who work from home. In March 2020, the service had 44 million daily users. Just a month later, it reached 75 million.

What should insect hunters pay attention to?

For now, only the Microsoft Teams desktop client for Windows, macOS, and Linux is in range.

Microsoft is offering between $30,000 and $6,000 for information about vulnerabilities that could lead to the following scenarios:

  • Remote code execution (native code in the context of the current user) without user interaction
  • Ability to obtain authentication credentials (including authentication tokens) for other users (but not via phishing!)
  • XSS or other (external) code injection resulting in the ability to run arbitrary scripts in the context of teams.microsoft.com or teams.live.com without user interaction
  • Privilege elevation that exceeds the user boundary of an operating system (including elevation in the macOS updater)
  • XSS or other (external) code injection resulting in the ability to run arbitrary scripts in the context of teams.microsoft.com or teams.live.com with minimal user interaction (e.g. preview a document or expand a message)

Aside from that, the company also welcomes reports of critical and important vulnerabilities that could allow remote code execution, elevation of privilege, information disclosure, spoofing, and sabotage. Depending on the severity and quality of the report, the rewards can be as high as $15,000 or as little as $500.

“Entries identifying vulnerabilities that reproduce only in online services will be evaluated under the Online Services Bounty Program. Refer to the Office Insider Bounty Program for eligible bounty targets and rewards for research in other Office products. All submissions will be assessed to qualify for a bounty, so don’t worry if you’re not sure where your entry fits. We’ll send your report to the appropriate program,” the company added.

Source: helpnet security

Want to know more?

Get in touch

Related
blogs

View all blogs
Moderne Werkplek ALTA-ICT
April 24, 2024

Discover ALTA-ICT’s Modern Workplace: Innovation and Security

Read more
EDR
April 23, 2024

The Crucial Role of EDR in Modern Cybersecurity

Read more
Copilot op Windows Server 2022
April 22, 2024

Unexpected Appearance of Copilot on Windows Server 2022

Read more
Microsoft Entra Single Sign-On (SSO)
April 21, 2024

Microsoft Entra Single Sign-On (SSO): Complete Overview

Read more
Microsoft 365 Business Premium vs. E3
April 20, 2024

Microsoft 365 Business Premium vs. E3 – The Best Choice?

Read more
Microsoft Intune
April 19, 2024

Discover the Power of Microsoft Intune

Read more
Microsoft Entra ID Passkeys
April 18, 2024

The Future of Authentication with Microsoft Entra ID Passkeys

Read more
De Toekomst van Cybersecurity: Generatieve AI (genAI) aan het Front
April 17, 2024

The Future of Cybersecurity: Generative AI (genAI) on the Front Lines

Read more
Security Officer as a Service (SOaaS)
April 16, 2024

Strengthen Your Cybersecurity with Our Security Officer as a Service

Read more
Antivirusoplossing
April 15, 2024

The importance of advanced antivirus solution in every workplace

Read more

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Weekly in Your Mailbox.