Microsoft Teams bug-bounty program: Help zap them and get cash

Microsoft 365 and Microsoft Teams have been among the major tech success stories of the past few years. The use of both has surged since the pandemic, and in response, Microsoft has rolled out updates, new features, and add-ons at breathtaking speed. But great speed often comes with ugly blotches: bugs. Microsoft has announced a bug-bounty program inviting users to find vulnerabilities in Microsoft Teams. Find some bugs and you’ll make Microsoft Teams better … and you a little wealthier.

At this point, the Microsoft Application Bounty Program applies only to the Microsoft Teams desktop client, which is arguably Microsoft’s hottest product. Microsoft says the list of apps “will continue to evolve over time.”

So, what’s in it for you? How about a grand prize of $30,000? That’s for finding a remote code execution vulnerability that Microsoft describes as “native code in the context of the current user with no user interaction.” The biggest awards go to vulnerabilities in the category Microsoft labels “high-impact scenario.” You can see these in the chart below.

 

| Scenario | Maximum Award |
| --- | --- |
| Remote code execution (native code in the context of the current user) with no user interaction | $30,000 |
| Ability to obtain authentication credentials for other users (note: does not include phishing) | $15,000 |
| XSS or other (remote) code injection resulting in ability to execute arbitrary scripts in the context of teams.microsoft.com or teams.live.com with no user interaction | $10,000 |
| Elevation of privilege which traverses an operating system user boundary | $10,000 |
| XSS or other (remote) code injection resulting in ability to execute arbitrary scripts in the context of teams.microsoft.com or teams.live.com with minimal user interaction | $6,000 |

Outside of the high-impact scenario, Microsoft is offering General Awards in several categories. The awards are based on the security impact, the report quality, and the severity of the vulnerability, as you can see in the chart below.

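| Security Impact | Report Quality | “Critical” Severity | “Important” Severity |
| --- | --- | --- | --- |
| Remote Code Execution | High | $15,000 | $10,000 |
| Remote Code Execution | Medium | $10,000 | $8,000 |
| Remote Code Execution | Low | $8,000 | $5,000 |
| Elevation of Privilege | High | $8,000 | $5,000 |
| Elevation of Privilege | Medium | $4,000 | $2,000 |
| Elevation of Privilege | Low | $3,000 | $1,000 |
| Information Disclosure | High | $8,000 | $5,000 |
| Information Disclosure | Medium | $4,000 | $2,000 |
| Information Disclosure | Low | $3,000 | $1,000 |
| Spoofing | High | N/A | $3,000 |
| Spoofing | Medium | N/A | $1,200 |
| Spoofing | Low | N/A | $500 |
| Tampering | High | N/A | $3,000 |
| Tampering | Medium | N/A | $1,200 |
| Tampering | Low | N/A | $500 |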

Bug-bounty programs from giant tech companies are not new and have proved to be successful in closing serious and embarrassing vulnerabilities. Ready to start swatting bugs in Microsoft Teams and fatten your wallet? For more information, head over to the Microsoft Application Bounty Program page.
