"The Microsoft Cloud and Online Services Bounty Program has helped us identify elusive vulnerabilities and provided a way to reward the individuals actively partnering with us to protect our customers. We want to continue incentivizing research around design and logic and reward deeper thought in important areas of Office," Microsoft said.
This is a temporary program that is in effect now and runs through June 15, 2017. Until that deadline, Office Insiders from around the world can receive monetary rewards for submitting security vulnerabilities found in Microsoft Office Insider slow builds. To qualify for a payout, Office Insiders must be running the latest, fully patched version of Windows.
Microsoft is offering some big bounties here. In some instances, Microsoft says it will even dole out more than $15,000. The biggest payouts apply to three different areas:
- Elevation of privilege via Office Protected View sandbox escape (excludes vulnerabilities in components and libraries not installed by Office or AppContainer sandbox that are applicable to any application using them).
- Macro execution by bypassing security policies to block Office macros in Word, Excel, and PowerPoint.
- Code execution by bypassing Outlook's automatic attachment block policies for a predefined set of extensions, listed below, that are by default blocked by Outlook.