This is the Trace Id: a24c2d320a685da8620b2bb19b2379cd
Skip to main content Report Security Vulnerability Report Abuse Report Infringement Submission FAQs Reporting Vulnerability Security Update Guide Exploitability index Developer API documentation Frequently Asked Questions Technical Security Notifications Glossary Microsoft Bug Bounty Programs Microsoft Active Protections Program BlueHat Security Conference Researcher Recognition Program Windows Security Servicing Criteria Researcher Resource Center Microsoft Security Response Center Security Research & Defense BlueHat Conference Blog Security Researcher Acknowledgments Online Services Researcher Acknowledgments AI Safety Acknowledgements Security Researcher Leaderboard

Extending the Microsoft Office Bounty Program

MSRC
/ By MSRC /

Microsoft announces the extension of the Microsoft Office Bounty Program through December 31, 2017. This extension is retroactive for any cases submitted during the interim.

The engagement we have had with the security community has been great and we are looking to continue that collaboration on the Office Insider Builds on Windows. This program represents a great chance to identify vulnerabilities prior to broad distribution.

Program Details

Office Insider Builds give users early access to the latest Office capabilities and security innovation. By testing against these early builds, issues can potentially be found prior to production release. This helps improve quality and protect customers.

How it works

  • Types of vulnerabilities awarded and their details are listed in the Microsoft Office Insider Builds on Windows Bounty Program Terms, including:

    • Elevation of privilege via Office Protected View
    • Macro execution by bypassing security policies to block macros
    • Code execution by bypassing Outlook automatic attachment block policies

  • The program duration is from March 15 to December 31, 2017

  • Bounty payout ranges during this period will be $6,000 to $15,000 USD

Call to action : send your vulnerabilities to secure@microsoft.com and let us know that you want your submission to be part of this program!

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

Phillip Misner,

Principal Security Group Manager

Microsoft Security Response Center

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Software companies Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads