Home » Technology » Microsoft » Microsoft increases reward for serious Microsoft 365 bugs

Microsoft increases reward for serious Microsoft 365 bugs

Microsoft improved incentives for security loopholes to be reported directly to the manufacturer and not sold on the dark web. Serious Microsoft 365 errors in particular are now much better rewarded. That reports that Bleeping Computer Online Magazine The past few months have seen wild ups and downs in hacker attacks on businesses and consumers.

Weaknesses at Microsoft, including Exchange, Windows Server, Office, or Windows in general, were often targeted. Microsoft has now announced that it will not only chase the bugs but will also increasingly rely on its internal Bug County program: The rewards for reported security gaps for Microsoft 365 are now being increased, some drastically.

There is now up to 30 percent more for a message

Microsoft has increased the maximum reward for high-impact vulnerabilities reported through the Microsoft 365 and Dynamics 365/Power Platform bug bounty programs. There is now up to 30 percent more, or rather up to $26,000, available for a report. This is not always relatively small compared to other bug bounty programs, but it is a significant increase.

Microsoft added that vulnerabilities not rated as particularly serious may also qualify for awards under the General Awards program. They may also be awarded higher awards, depending on the severity of the vulnerability reported and the quality of the submissions. “If a reported vulnerability is not eligible for an award under the High Impact Scenarios, it may be eligible for an award under General Awards,” the company said.

“Higher rewards may be awarded at Microsoft’s discretion, based on the severity and impact of the vulnerability and the quality of the submission.” Specifically, the change means security researchers can now find and report vulnerabilities in on-premises Exchange and SharePoint servers, earning them a bounty of between $500 and $26,000.