Make some serious cash finding bugs with Microsoft's Office Insider Bug Bounty program

ubuntu
There’s probably no better way to find security bugs than to offer money to the people who actually use software on a daily basis to do just that. That’s why companies like Microsoft and Google offer increasingly significant amounts of money through reward programs aimed at discovering and then fixing vulnerabilities.

Microsoft has its lucrative Bug Bounty program for Windows that just saw its reward double to $30,000 for anyone identifying a verified exploit. Now, the company has announced a new program that offers some serious cash to users of its Office productivity suite for Windows Desktop.

The new Office Insider Bug Bounty program will pay anyone using the Insider slow ring builds up to $15,000 for finding security bugs before they have a chance to make their way to the production version. The kinds of bugs for which Microsoft will pay out include:

  • Elevation of privilege via Office Protected View.
  • Macro execution by bypassing security policies to block macros.
  • Code execution by bypassing Outlook automatic attachment block policies.

Go here to dig into the details of how Microsoft will determine eligibility and how you need to submit your bugs. These particular bugs are viewed as likely to be the most prominent and most likely to affect Office users. Macros and email attachments are common vectors of attack on all Office platforms.

Before you spend too much time looking for bugs, here’s a list of vulnerabilities that will not be covered:

  • Vulnerabilities in anything earlier than the current Office Insider slow build on Windows Desktop.
  • Vulnerabilities in user-generated content.
  • Vulnerabilities requiring extensive or unlikely user actions.
  • Vulnerabilities found by disabling existing security features.
  • Vulnerabilities in components not installed by Office.
  • Vulnerabilities in third-party components that might be installed on the system that enable the vulnerability.
  • Vulnerabilities about escaping Protected View where Protected View is explicitly not activated in Office code or enabled by default for the reported scenario.
  • Vulnerabilities in the Application container.
  • Any other category of vulnerability that Microsoft determines to be ineligible, in its sole discretion.

The Microsoft Office Bug Bounty program will last from March 15, 2017, through June 15, 2017. Payouts will range from $500 to $15,000, and of course, there are important terms and conditions to keep in mind. You also need to be a member of the Office Insider program utilizing an Insider slow ring build of Office for Windows Desktop.

You can sign up to be an Office Insider here. Go to File > Account and look under Office Updates to check which version you’re running. Click on Office Insider and select Change Level to move from one ring to another or remove yourself from the Office Insider program.

Computing

Microsoft to separate Cortana from search with the next version of Windows 10

Changes are on the way for two key features in Windows 10. A separation of Windows 10 search and Cortana will allow Microsoft to more often innovate on each of the features independently.
Computing

Our favorite Windows apps will help you get the most out of your new PC

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks.
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though, our guide will help you isolate the issue at hand and solve it in a timely manner.
Computing

Enjoy Windows on a Chromebook with these great tips and tricks

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…
Computing

Stop your PC's vow of silence with these tips on how to fix audio problems

Sound problems got you down? Don't worry, with a few tweaks and tricks we'll get your sound card functioning as it should, and you listening to your favorite tunes and in-game audio in no time.
Computing

Yes, Android apps can run on your PC, and it's easier than you think

Wish you knew how to run Android apps in Windows? It's easier than you might think and there are a number of different ways to do it. In this guide, we break down the steps so you can follow along with ease.
Computing

Chip off the auction block – Intel’s i9-9990XE may be sold to the highest bidder

Intel's alleged Core i9-9990XE may only be sold at auction to OEMs, meaning that only a few of the 14-core, 28-thread, 5GHz CPUs will ever see the light of day in specific devices and systems.
Computing

Don't spend hundreds on Pro Tools or Logic. Try one of these free alternatives

Believe it or not, Pro Tools isn't the only digital audio workstation worth your time. Check out our picks for the best free recording software, whether you're looking for a lightweight app or a full-blown audio workstation.
Computing

How to share an external hard drive between Mac and Windows

Compatibility issues between Microsoft Windows and Apple MacOS may have diminished sharply over the years, but that doesn't mean they've completely disappeared. Here's how to make an external drive work between both operating systems.
Computing

Should you buy the affordable MacBook Air, or is the MacBook Pro worth the price?

Though they both share Retina Displays and similar keyboards, there are still some specs differences and other changes that differentiate the new 2018 MacBook Air and MacBook Pro. In this guide, we stack the two up against each other.
Android

Mobile World Congress (MWC) 2019: Complete Coverage

There's no bigger show for mobile tech geeks than Mobile World Congress in Barcelona, Spain: where flagship phones are born and intriguing new wearables shine. And this year, where foldable phones and 5G are likely to dominate the news. For…
Computing

Google is giving its G Suite web apps new touches of visual improvements

Your G Suite applications will soon have a different look. Several of the web apps are getting updated with subtle visual improvements inspired by Google's Material Design guidelines. 
Emerging Tech

CES 2019 recap: All the trends, products, and gadgets you missed

CES 2019 didn’t just give us a taste of the future, it offered a five-course meal. From 8K and Micro LED televisions to smart toilets, the show delivered with all the amazing gadgetry you could ask for. Here’s a look at all the big…
Computing

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.