In the past month, Google has publicly embarrassed Microsoft by exposing two unpatched security vulnerabilities in Windows 10 and other versions of Microsoft’s desktop operating system.
We don’t know if this is related in any way to those instances, but the Redmond-based software giant is now offering up to $30,000 in ‘bug bounty’ payouts for security researchers that can find zero-day vulnerabilities in the following services:
portal.office.com
outlook.office365.com
outlook.office.com
*.outlook.com
outlook.com
There are nine specific vulnerability types that Microsoft wants these researchers to explore:
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Unauthorised cross-tenant data tampering or access (for multi-tenant services)
Insecure direct object references
Injection Vulnerabilities
Authentication Vulnerabilities
Server-side Code Execution
Privilege Escalation
Significant Security Misconfiguration (when not caused by user)
A zero-day vulnerability on an important and widely used piece of software can fetch as much as $200,000 on the Dark Web, and even more if the hacker uses the vulnerability to create malware and offer it on a Malware as a Service platform, according to Enterprise Times.
From that perspective, $30,000 doesn’t seem like a lot of money, but Microsoft is hoping that ethical hackers will take the legal route and jump into the thick of the action. The company is also limited the bug bounty payouts to a specific time period – between March 1 and May 31, 2017.
The total list of services covered by the bounty includes 18 domains and another 37 endpoints. For full details on the bug bounty program, please visit Microsoft’s Security TechCenter here.
Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.
