HomeWinBuzzer NewsMicrosoft Will Give You up to $20k for Finding Dynamics 365 Security...

Microsoft Will Give You up to $20k for Finding Dynamics 365 Security Bugs

Microsoft's Dynamics 365 bounty seeks RCE, escalation of privilege, and spoofing/tampering issues, with rewards ranging from $500 to $20k.

-

is adding another bug bounty to its collection. This time, it's the CRM software, and the rewards scale up to $20k That's a similar amount to its Azure DevOps bounty in January, but nothing close to the $250k it was offering for Meltdown and Spectre.

Even so, this could be a good opportunity for budding security researchers. It includes all Dynamics 365 apps, including Talent, Sales, and Remote Assist, as well as on-premise products like Dynamics CRM.

$20k is the max researchers can expect to get, and most won't get anywhere near that. The big payout is reserved for high severity critical remote code execution bugs. However, you can still get $15k for medium severity RCE's, or important high severity ones.

Meanwhile, escalation of privilege bugs will get you $1,000-8,000. Information disclosure scales similarly while important spoofing and tampering issues reward between $500 and $3,000.

As is standard, bounty only applies to the latest versions of the applications. The vulnerabilities also can't depend on user config action, third-party software, or DoS attacks. Researchers must provide a reproducible guide to get the payment.

Microsoft has previously been criticized for its bug bounty program, which led to a researcher releasing zero-day exploits on Twitter. Some submitters say the company has been very slow to confirm bugs and even longer to get word about the bounty.

Earlier this year, Microsoft announced changes to its bounty program that should mean payments are issued faster. In February, GitHub revealed changes to its program too, relaxing legal restrictions while increasing the rewards.

SourceMicrosoft
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News