Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Microsoft Offers Up to $30,000 for Vulnerabilities in Teams Desktop Client

Microsoft on Wednesday announced that its bug bounty programs now also cover the desktop client of its Teams business communications platform.

Microsoft on Wednesday announced that its bug bounty programs now also cover the desktop client of its Teams business communications platform.

The tech giant is offering rewards for vulnerabilities in the Teams desktop client as part of its Application Bounty Program, which will feature additional app-related bounties in the future.

The Teams desktop client bug bounty program complements the existing awards for vulnerabilities in online Teams services.

Microsoft says researchers can earn between $500 and $15,000 for general vulnerabilities in the Teams desktop client, and between $6,000 and $30,000 if they demonstrate an exploit that fits one of five scenarios.

For example, white hat hackers can earn up to $30,000 for remote code execution with no user interaction, and $15,000 for the ability to obtain authentication credentials for other users without leveraging phishing attacks.

Payouts for vulnerabilities in Microsoft Teams desktop client

Microsoft reported in August 2020 that it had paid out nearly $14 million through its bug bounty programs in the past year. The single biggest reward was $200,000.

Related: Microsoft Launches ElectionGuard Bug Bounty Program

Related: Microsoft Explains How It Processes Vulnerability Reports

Advertisement. Scroll to continue reading.

Related: Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights