Microsoft on Wednesday announced that its bug bounty programs now also cover the desktop client of its Teams business communications platform.
The tech giant is offering rewards for vulnerabilities in the Teams desktop client as part of its Application Bounty Program, which will feature additional app-related bounties in the future.
The Teams desktop client bug bounty program complements the existing awards for vulnerabilities in online Teams services.
Microsoft says researchers can earn between $500 and $15,000 for general vulnerabilities in the Teams desktop client, and between $6,000 and $30,000 if they demonstrate an exploit that fits one of five scenarios.
For example, white hat hackers can earn up to $30,000 for remote code execution with no user interaction, and $15,000 for the ability to obtain authentication credentials for other users without leveraging phishing attacks.
Microsoft reported in August 2020 that it had paid out nearly $14 million through its bug bounty programs in the past year. The single biggest reward was $200,000.
Related: Microsoft Launches ElectionGuard Bug Bounty Program
Related: Microsoft Explains How It Processes Vulnerability Reports
Related: Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
