MSRC extends Bug Bounty Program for Microsoft Teams

New Teams Desktop Client Bug Bounty Program

Microsoft Teams is a platform developed by Microsoft that combines chat, meetings, notes and attachments. The service is integrated into the Microsoft 365 suite with Microsoft Office and Skype/Skype for Business.

In recent weeks, microsoft's msrc team has added the Microsoft Teams application to the bug bounty program that currently already exists. In a public post on the msrc newsblog the team announced the new program.

In their blog post, the msrc team explains what conditions a security researcher can expect when submitting a vulnerability. This new bug bounty program includes exactly 5 scenario-based rewards for vulnerabilities & security issues. The reports must have potential privacy or security implications for microsoft customers. The rewards qualified vulnerabilities starts at an amount of $6,000 (USD) and ends at an amount of $30,000 (USD). The program itself is part of the official microsoft applications bug bounty program.

The bug bounty program only applies to the microsoft teams desktop client, which is available for microsoft windows 10, macOS and Linux operating systems. However, the program is explicitly limited to the desktop client. The Teams app for desktop browsers or the native mobile apps for iOS and Android are not included in the program.

References:
https://msrc-blog.microsoft.com/2021/03/24/introducing-bounty-awards-for...
https://www.microsoft.com/en-us/msrc/bounty-applications