Skip to main content

Make some serious cash finding bugs with Microsoft's Office Insider Bug Bounty program

Image used with permission by copyright holder
There’s probably no better way to find security bugs than to offer money to the people who actually use software on a daily basis to do just that. That’s why companies like Microsoft and Google offer increasingly significant amounts of money through reward programs aimed at discovering and then fixing vulnerabilities.

Microsoft has its lucrative Bug Bounty program for Windows that just saw its reward double to $30,000 for anyone identifying a verified exploit. Now, the company has announced a new program that offers some serious cash to users of its Office productivity suite for Windows Desktop.

The new Office Insider Bug Bounty program will pay anyone using the Insider slow ring builds up to $15,000 for finding security bugs before they have a chance to make their way to the production version. The kinds of bugs for which Microsoft will pay out include:

  • Elevation of privilege via Office Protected View.
  • Macro execution by bypassing security policies to block macros.
  • Code execution by bypassing Outlook automatic attachment block policies.

Go here to dig into the details of how Microsoft will determine eligibility and how you need to submit your bugs. These particular bugs are viewed as likely to be the most prominent and most likely to affect Office users. Macros and email attachments are common vectors of attack on all Office platforms.

Before you spend too much time looking for bugs, here’s a list of vulnerabilities that will not be covered:

  • Vulnerabilities in anything earlier than the current Office Insider slow build on Windows Desktop.
  • Vulnerabilities in user-generated content.
  • Vulnerabilities requiring extensive or unlikely user actions.
  • Vulnerabilities found by disabling existing security features.
  • Vulnerabilities in components not installed by Office.
  • Vulnerabilities in third-party components that might be installed on the system that enable the vulnerability.
  • Vulnerabilities about escaping Protected View where Protected View is explicitly not activated in Office code or enabled by default for the reported scenario.
  • Vulnerabilities in the Application container.
  • Any other category of vulnerability that Microsoft determines to be ineligible, in its sole discretion.

The Microsoft Office Bug Bounty program will last from March 15, 2017, through June 15, 2017. Payouts will range from $500 to $15,000, and of course, there are important terms and conditions to keep in mind. You also need to be a member of the Office Insider program utilizing an Insider slow ring build of Office for Windows Desktop.

You can sign up to be an Office Insider here. Go to File > Account and look under Office Updates to check which version you’re running. Click on Office Insider and select Change Level to move from one ring to another or remove yourself from the Office Insider program.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
How to do hanging indent on Google Docs
Google Docs in Firefox on a MacBook.

The hanging indent is a classic staple of word processing software. One such platform is Google Docs, which is completely free to start using. Google Docs is packed with all kinds of features and settings, to the point where some of its more basic capabilities are overlooked. Sure, there are plenty of interface elements you may never use, but something as useful as the hanging indent option should receive some kind of limelight.

Read more
How to disable VBS in Windows 11 to improve gaming
Highlighting VBS is disabled in Windows 11.

Windows 11's Virtualization Based Security features have been shown to have some impact on gaming performance — even if it isn't drastic. While you will be putting your system more at risk, if you're looking to min-max your gaming PC's performance, you can always disable it. Just follow the steps below to disable VBS in a few quick clicks.

Plus, later in this guide, we discuss if disabling VBS is really worth it, what you'd be losing if you choose to disable it, and other options for boosting your PCs gaming performance that don't necessarily involve messing with VBS.

Read more
How to do a hanging indent in Microsoft Word
A person typing on a keyboard, connected to a Pixel Tablet.

Microsoft Word is one of the most feature-rich word processing tools gifted to us human beings. In fact, the very word “Word” has invaded nomenclature to the point where any discussion of this type of software, regardless of what the product is actually called, typically results in at least one person calling the software “Word.”

Read more