Share this article

Latest news

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Microsoft Launches Teams Bug Bounty Program

3 min. read

Published onMarch 29, 2021

published onMarch 29, 2021

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Microsoft haslaunched a bounty programfor its Teams communication platform. With people now more than ever working remotely due to Covid-19 restrictions, there’s an increased need for robust security protocols to protect business communication apps such as Teams. Of course, the proactive involvement of security researchers from around the world is imperative to achieving this objective.

The Microsoft Teams bounty program will see white hat hackers get between $6,000 and $30,000 to sweep forhigh-impact vulnerabilities. Security researchers who find security issues related to cross-site scripting (XSS) are eligible for a reward that starts at $6,000. Microsoft underlines that exploits of this nature should only be in the context of teams.live.com or teams.microsoft.com. There should also be minimal user interaction involved. On the other hand, security loopholes that allow XSS code to be executed arbitrarily with no user interaction stand to get a $10,000 minimum payoff.

Third on the list in the Teams bounty program is obtaining a user’s authentication credentials. To qualify for the reward, a bounty hunter should demonstrate the ability to steal a user’s authentication token without relying on a phishing attack. The reward starts at $15,000. Highest on the list is the identification of an exploit allowing remote code execution in the context of a current client, while requiring no user interaction. For this effort, the company is paying out a minimum $30,000 award.

That said, vulnerabilities identified outside the High Impact program can qualify for a $500 minimum remuneration, but this is at the sole discretion of the company.

Participation Requirements

To participate in the Microsoft Teams bounty program, candidates are required to undertake testing on their own Teams subscription accounts. Additionally, the bugs reported must also be replicable on the latest Microsoft Teams desktop client version installed on the latest patched versions of Linux, Windows, or macOS.

Finally, Microsoft prefers that the exploit instructions be clear and relayed via text or video. In a nutshell, the submitted guidelines should allow the company’s security team to promptly replicate the scenario and ascertain exploitability.

A Recent Hack

The Microsoft Teams bounty program comes at a time when the company is facing serious competition from fast-rising group communication and collaboration platforms such as Slack and Zoom. Withthe recent Microsoft Exchange attackstirring individual clients and businesses that rely on its software, the tech giant is looking to mollify users by fortifying app security.

The Teams application has seentremendous growthover the past year adding over 90 million users. It is also a key revenue generator for the Redmond-based tech firm. In 2020, its revenues reached $6.8 billion, an impressive 700 percent increase compared to the previous year. Today, over 500,000 organizations worldwide use the application.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Radu Tyrsina