Microsoft extends Office bug bounty program

The company is offering up to $15,000 per bounty.
Written by Charlie Osborne, Contributing Writer

Microsoft is extending its Microsoft Office Bounty Program until the end of the year, with up to $15,000 on offer for valid vulnerabilities.

On Friday, the Redmond giant said in a blog post that the program, originally intended to last until June 15, will now carry on until 31 December 2017.

According to Microsoft, the "engagement we have had with the security community has been great and we are looking to continue that collaboration."

Back in March, Microsoft announced the bug bounty program for Microsoft Office Insider on Windows. Rewards ranging from a minimum of $500 to a maximum of $15,000 were put on the table for zero-day flaws that the company is able to replicate after disclosure in the Microsoft Office Insider slow build shipping on the latest, fully patched version of the Windows 10 Desktop operating system.

However, the bounty payout is now between $6,000 and $15,000, which suggests a number of problems have already been resolved.

With these kinds of programs, the scarcer the flaw, the more cash is often offered in return for the additional time researchers may need to take to find bugs.

Microsoft tests early builds of consumer software in order to find potentially exploitable problems before production release.

According to the bug bounty's terms, the tech giant wants to hear about zero-day problems including privilege escalation through Office Protected View, macro execution which bypasses security barriers designed to block macros, and remote code execution bugs, among others.

"This program represents a great chance to identify vulnerabilities prior to broad distribution," the company said.

Last week, Samsung launched a new bug bounty program designed to discover vulnerabilities in the firm's mobile products. In total, 38 products have been marked as targets for bug rewards -- including the Galaxy smartphone lines and Note series -- and up to $200,000 is on offer for the worst security flaws found.
