Microsoft Online Services Bug Bounty Program

Η Microsoft today announced it Microsoft Online Services Bug Bounty Program, which provides security researchers with rewards to submit vulnerabilities to the various on-line Services provided by Microsoft. The company pays for finding and submitting vulnerabilities with a minimum amount of 500 dollars rising depending on the impact of the vulnerability.

Microsoft Online Services Bug Bounty Program Microsoft Online Services Bug Bounty Program Microsoft Online Services Bug Bounty Program Microsoft Online Services Bug Bounty Program

The company says vulnerabilities include:

Cross Site (XSS), Cross Site Request Forgery (CSRF), unauthorized cross-tenant data tampering or access (for multi-tenant services), insecure object references, injection flaws, authentication flaws, server-side code execution, privilege escalation και significant security misconfiguration.

The domains that can be tested are
* (Office 365 for business email services applications, excluding any consumer “” services)

The company also provides a list of vulnerabilities that will not be premium:

  • Missing HTTP Security Headers (such as X-FRAME-OPTIONS) or cookie security flags (such as "httponly").
  • Server-side information disclosure such as IPs, server names and most stack traces.
  • Bugs in the web application that only affect unsupported browsers and plugins.
  • Bugs used to enumerate or confirm the existence of users or tenants.
  • Bugs requiring unlikely user actions.
  • URL Redirects (unless combined with another flaw to produce a more severe vulnerability).
  • Vulnerabilities in technologies that are not unique to the online services in question (Apache or IIS vulnerabilities, for example).
  • "Cross Site Scripting" bugs in SharePoint that require "Designer" or higher privileges in the target's tenant.
  • Low impact CSRF bugs (such as logoff).
  • Denial of Service issues.
  • Cookie replay vulnerabilities.

You can report vulnerabilities to your products and services Microsoft at The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive of new posts by email.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).