Skip to main content

Make some serious cash finding bugs with Microsoft's Office Insider Bug Bounty program

ubuntu
Image used with permission by copyright holder
There’s probably no better way to find security bugs than to offer money to the people who actually use software on a daily basis to do just that. That’s why companies like Microsoft and Google offer increasingly significant amounts of money through reward programs aimed at discovering and then fixing vulnerabilities.

Microsoft has its lucrative Bug Bounty program for Windows that just saw its reward double to $30,000 for anyone identifying a verified exploit. Now, the company has announced a new program that offers some serious cash to users of its Office productivity suite for Windows Desktop.

Recommended Videos

The new Office Insider Bug Bounty program will pay anyone using the Insider slow ring builds up to $15,000 for finding security bugs before they have a chance to make their way to the production version. The kinds of bugs for which Microsoft will pay out include:

  • Elevation of privilege via Office Protected View.
  • Macro execution by bypassing security policies to block macros.
  • Code execution by bypassing Outlook automatic attachment block policies.
Please enable Javascript to view this content

Go here to dig into the details of how Microsoft will determine eligibility and how you need to submit your bugs. These particular bugs are viewed as likely to be the most prominent and most likely to affect Office users. Macros and email attachments are common vectors of attack on all Office platforms.

Before you spend too much time looking for bugs, here’s a list of vulnerabilities that will not be covered:

  • Vulnerabilities in anything earlier than the current Office Insider slow build on Windows Desktop.
  • Vulnerabilities in user-generated content.
  • Vulnerabilities requiring extensive or unlikely user actions.
  • Vulnerabilities found by disabling existing security features.
  • Vulnerabilities in components not installed by Office.
  • Vulnerabilities in third-party components that might be installed on the system that enable the vulnerability.
  • Vulnerabilities about escaping Protected View where Protected View is explicitly not activated in Office code or enabled by default for the reported scenario.
  • Vulnerabilities in the Application container.
  • Any other category of vulnerability that Microsoft determines to be ineligible, in its sole discretion.

The Microsoft Office Bug Bounty program will last from March 15, 2017, through June 15, 2017. Payouts will range from $500 to $15,000, and of course, there are important terms and conditions to keep in mind. You also need to be a member of the Office Insider program utilizing an Insider slow ring build of Office for Windows Desktop.

You can sign up to be an Office Insider here. Go to File > Account and look under Office Updates to check which version you’re running. Click on Office Insider and select Change Level to move from one ring to another or remove yourself from the Office Insider program.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Quick! This HP Envy with a touchscreen is $550 off for a limited time
HP Envy 16 2023 front view showing display and keyboard deck.

Looking for laptop deals that are both stylish and powerful? Check out what Best Buy has to offer. Right now, you can buy the HP Envy 16-inch laptop with a touchscreen for just $950. It normally costs $1,500, so you’re saving $550 while gaining plenty of powerful hardware. This clearance deal won't be around forever, and it's ideal for anyone who wants a MacBook competitor that also offers some gaming prowess.

Why you should buy the HP Envy 16-inch touchscreen laptop
HP is one of the best laptop brands you can buy, so the HP Envy 16-inch touchscreen laptop is instantly worth checking out. In our HP Envy 16 review, we described it as a “cheaper MacBook” with “solid productivity and creative performance” as well as “competitive gaming performance." That’s rounded off nicely with an “excellent keyboard and touchpad.”

Read more
The stars are aligning for a perfect PC handheld — but one thing’s missing
The Lenovo Legion Go S with SteamOS installed.

At CES 2025, I saw some of the most exciting developments in the world of handheld gaming PCs that I've ever seen, but completely absent from the conversation was Nvidia. It's a world dominated by AMD with its semi-custom designs like the new Ryzen Z2 range, and one that Intel is slowly working its way into with devices like the MSI Claw 8 AI+. Team Green, by comparison, doesn't seem interested.

An Nvidia handheld wouldn't inherently be better than the crop of AMD-powered devices we have now, from the Steam Deck OLED to the new Lenovo Legion Go S, but Nvidia already has features and hardware that fit the ethos of handhelds perfectly. But even with so much going for Nvidia in handhelds, it remains one tough nut to crack.
It's all coming together

Read more
Sony’s flip-up XR headset costs even more than an Apple Vision Pro
Sony's SRH-S1 held in a hand at CES 2025.

Sony is one of the biggest names in VR gaming with the popular PlayStation VR2. Now it’s launching a high-end XR headset with specifications that rival the Apple Vision Pro. To be clear, this isn’t the Sony XYN headset powered by Google's new Android XR, and it won’t connect to a PlayStation 5. It’s aimed at enterprise customers that design products, and it costs even more than the ultra-premium Vision Pro.

Priced at $4,750, the Sony SRH-S1 is a powerful system with integrated hardware and software, a flip-up visor, and unique controllers optimized for manipulating virtual 3D objects. Being able to lift the visor for face-to-face conversations is convenient. The halo strap design also removes all facial pressure. A ring on one finger lets you grasp items, and a 3D stylus that looks like something from a sci-fi movie allows precise adjustments.

Read more