Microsoft offers bounty rewards for MS Teams vulnerabilities

Matthew Adams
by Matthew Adams
Windows & Software Expert
Matthew is a freelancer who has produced a variety of articles on various topics related to technology. His main focus is the Windows OS and all the things surrounding it. He is passionate about... Read more
Affiliate Disclosure
  • Microsoft has a series of bug bounty programs that offer rewards for users who discover software vulnerabilities.
  • MS Teams is one of the latest apps for Microsoft to include within a bug bounty program.
  • The program offers a maximum $30,000 reward for users who discover high-impact scenario bugs.
  • Users can net general rewards between $500-$15,000 for discovering MS Teams bugs and vulnerabilities.

Microsoft Teams’ user base has surged over the last year as the pandemic has greatly increased telecommuting. Therefore, MS Teams has become of the big M’s most important business apps alongside Microsoft 365.

Microsoft has now included MS Teams in one of its bug bounty programs.

What is a bug bounty program?

Every app probably has a few bugs that developers miss during the software development process. One of the reasons why developers bring out patch updates for software is to fix bugs and issues.

Some publishers have also started bounty programs that offer rewards for user-discovered bugs.

Microsoft is one of the big-name software publishers with bug bounty programs. The big M has launched bug programs for cloud, platform, and defense & grant software.

In all, there are currently 16 bug programs listed on the Microsoft Bug Bounty Program page.

The Microsoft Applications Bounty Program

MS Teams is among the latest apps for Microsoft to include within a bounty program. The big M has added Teams to the Microsoft Applications Bounty Program.

Users who identity an undiscovered Teams vulnerability could net up to $30,000. Microsoft lists the program’s general rewards as follows:

  • Remote code execution: $5,000-$15,000
  • Elevation of Privilege: $5,000-$8,000
  • Information Disclosure: $5,000-$8,000
  • Spoofing: $500-$3,000
  • Tampering: $500-$3,000

The maximum $30,000 reward is for high-impact scenarios. If you can discover a high-impact remote code execution bug in the MS Teams desktop client app, you could net a $30,000 prize from the big M.

Yet, that is still some way short of the $250,000 reward Microsoft offers on the Hyper-V bug program.

Microsoft Teams

So, do you want to be a Microsoft Teams bug hunter? If so, you can check out the Microsoft Applications Bug Program page for further details.

The Bounty Terms and Conditions page lays out the full terms for the program, and you can submit bugs for review via the Researcher Portal.

Highlights section

This article covers:Topics: