Microsoft: We're boosting our bug bounties for these high-impact security flaws

Microsoft has announced new “scenario-based” awards for its Dynamics and Power Platform Bounty Program and the Microsoft 365 Bounty Program. 

Microsoft says the scenario-based awards are designed to encourage researchers to focus their work on “vulnerabilities that have the highest potential impact on customer privacy and security”.

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

The new scenario-based awards are on top of existing general awards for security bugs, such as remote code execution and elevation of privilege bugs in products – and amount to up to $26,000 on offer in new awards. 

SEE: Windows 11 security: How to protect your home and small business PCs

The new scenario-based award for Dynamics 365 and Power Platform is a cross-tenant information disclosure bug, which carries a maximum award of $20,000. Microsoft has patched similar bugs to this affecting some Azure APIs and another similar cross-tenant information disclosure bug affecting the Azure Automation service in March.   

Microsoft is also adding bonuses

Read More: https://www.zdnet.com/article/microsoft-were-boosting-our-bug-bounties-for-these-high-impact-security-flaws/#ftag=RSSbaffb68