Microsoft adds new products to bug bounty eligibility list

Grounded Screenshot Ladybug (Image credit: Obsidian Entertainment)

What you need to know

  • Microsoft has expanded the scope of its bug bounty program.
  • As of April 5, Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises are all part of the program.
  • According to Microsoft, rewards range from $500 to $30,000 USD.

In the past, Microsoft has made a show of just how much money it pays to bug hunters who spot fatal flaws in the company's various products and services. And now, even more people can get in on cashing a Redmond-issued check thanks to the home of Windows 11 expanding what products are eligible for bug bounties.

As of April 5, Exchange on-premises, SharePoint on-premises, and Skype for Business on-premises are all eligible to be inspected for pests with the dangling carrot of monetary reward to follow should you find something of interest to Microsoft. The aforementioned SharePoint and Exchange products have also had high-impact scenarios detailed, meaning you'll now know which vulnerabilities and issues will fetch you the most cash.

Submitting findings to Microsoft is not a guarantee of money. The company has its own rules of engagement you'll have to follow (should you not follow them, it's unlikely you'll be rewarded), and there's a long list of exceptions as to what is considered an eligible vulnerability. But, should you play by the book and spot something listed under the eligible categories, including remote code execution or XSS code injection vulnerabilities, you could score a five-digit haul.

With all that being said, sometimes the reward for doing the "right" thing isn't as monetarily beneficial as it is to just do whatever you want. Take, for example, a recent crypto heist wherein $300 million of wETH was stolen and the hacker responsible was offered a $10 million bug bounty in exchange for returning the funds. And don't forget the sixteen-year-old worth an estimated $14 million who made his fortune from toying with companies such as Microsoft. Still, criminal activity carries criminal consequences, so Microsoft's offer of money for staying on society's good side is, if nothing else, a risk-free proposition.

Robert Carnevale
