Extending the Microsoft Office Bounty Program

Extending the Microsoft Office Bounty Program

Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017.  This extension is retroactive for any cases submitted during the interim.

The engagement we have had with the security community has been great and we are looking to continue that collaboration on the Office Insider Builds on Windows.  This program represents a great chance to identify vulnerabilities prior to broad distribution.

Program Details

Office Insider Builds give users early access to the latest Office capabilities and security innovation. By testing against these early builds, issues can potentially be found prior to production release. This helps improve quality and protect customers.

How it works

  • Types of vulnerabilities awarded and their details are listed in the Microsoft Office Insider Builds on Windows Bounty Program Terms, including:
    • Elevation of privilege via Office Protected View
    • Macro execution by bypassing security policies to block macros
    • Code execution by bypassing Outlook automatic attachment block policies
  • The program duration is from March 15 to December 31, 2017
  • Bounty payout ranges during this period will be $6,000 to $15,000 USD

Call to action: send your vulnerabilities to [email protected] and let us know that you want your submission to be part of this program!

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

 

Phillip Misner,

Principal Security Group Manager

Microsoft Security Response Center

Source: Extending the Microsoft Office Bounty Program

About KENNETH 19688 Articles
지락문화예술공작단

Be the first to comment

Leave a Reply

Your email address will not be published.


*


이 사이트는 스팸을 줄이는 아키스밋을 사용합니다. 댓글이 어떻게 처리되는지 알아보십시오.