Calling All Bounty Hunters! Microsoft Teams Seeks Researchers to Prune Security Flaws

Researchers, cybersecurity geeks, or enthusiasts, gather around! Microsoft bug bounty program can’t be more lucrative than this.

Your objective, should you choose to accept it, is simple – Fix the vulnerabilities on sight in a new product that was introduced some time back by one of the world’s most valuable publicly traded tech companies.

That is the new directive from none other than Microsoft.

In a new announcement coming from Microsoft’s corner, the company has launched a bug bounty rewards program to eliminate security flaws in Microsoft Teams’ desktop software.

The rewards, beginning from $5,000 right up to a maximum of $20,000, are based on scenario-respective slabs for weeding out vulnerabilities. The prize purse could also go higher if the quality of the submission is deemed to have a high enough impact on customer privacy and security by Microsoft.

A $30,000 reward can also be won by researchers, subject to the condition of clearly outlining a remote code execution bug using native code in the context of the current user with no user interaction.

In the same vein, the company’s reward slabs pan out with some interesting reward amounts where certain quality criteria are met paired with the efficacy of fixing the bug. 

Taking note of some of the most prominent ones, there are some which stand out.

The Redmond-based tech giant has offered $15,000 for a bug that allows an attacker to obtain authentication credentials for other users, with phishing excluded.

Then there is the offer of $10,000. This is available for cross-site scripting (XSS) flaws or other remote code injection that could allow an attacker to execute arbitrary scripts in the context of teams.microsoft.com or teams.live.com sans any user interaction.

The same amount could also be targeted by researchers, provided they find a way to elevate privileges in such a manner that they hop over the Windows and user boundary.

Techies who can find an XSS or other “code injection resulting in ability to execute arbitrary scripts in the context of teams.microsoft.com or teams.live.com with minimal user interaction” become eligible for an amount of $6,000.

The thing to keep in mind is the fact that the bug bounty has only been made applicable for the Microsoft Teams desktop client at present (available for Windows 10, macOS, and Linux). Interested parties should keep in mind that the bounty does not apply to any of the Teams apps for desktop browsers or the native mobile apps for iOS and Android.

The rejoicing for experts is not restricted to just this, since Microsoft is also offering general bounty awards for the Teams desktop app that fall outside the scenario-based awards. Rewards in those cases are expected to climb up to $15,000.

As for Teams, the announcement comes because the product falls under the Online Services Bounty Program. It also underlines the importance that the product has gathered from Microsoft.

With Teams boasting a daily active user base of 115 million, the priority Microsoft gives the product is clearly what has opened the doors for a bug bounty platform for one of its key services, especially since it happens to cater to such a large business customer base.

Looking over to the rival space, the announcement is consistent with Zoom also choosing to revamp security by bringing Luta Security on board last year. The objective in both cases is the same – part of a long-term plan to improve the security of its service.

When it comes to Teams, Microsoft has constantly tried to introduce features to better the quality of this particular product. From adding breakout room timers, room retention, and participant reassignment features to deploying Slack-inspired titbits, it has been an ever upgrading spree to enhance user engagement.

Be that as it may, the announcement of the bounty program for Teams’ desktop client bears more relevance in light of the news of a significant number of cyberattacks targeting Microsoft’s vulnerable Exchange servers.

The situation on that particular front is admittedly dire. There are widespread fears by analysts that the severity of these attacks could successfully compromise a Microsoft Exchange Server. In this scenario, the hackers not only gain access to sensitive information that’s quintessential to business operations, but could also leave a gaping hole for additional attacks – including ransomware campaigns.

The hacking spree, believed to be the work of a Chinese cyberespionage group dubbed Hafnium, has escalated to such an extent that it is also forcing the White House to look into the matter.

Looking from Microsoft’s point of view, this is a product used by some of the most esteemed entities on the planet. 91 of the Fortune 100 companies use Microsoft Teams. In a pandemic hit world which brought home the concept of remote work, a study of US Teams users in 2020 found 29.71% of companies using Microsoft Teams for remote tasking during the COVID-19 pandemic.

Moreover, with close to 500,000 organizations making use of the product as of 2020, it only makes sense for Microsoft to take remedial steps. It is a good move to make the necessary arrangements to shore up the defences of a product as highly regarded as Microsoft Teams.

Stay tuned for more updates.
