Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers

Bug hunters who discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible submission, Microsoft has announced.

The highest awards will go to those who discover vulnerabilities that have the highest potential impact to customer security. This includes vulnerabilities that allow for scenarios like:

  • Insecure deserialization of user-controllable data, leading to remote code execution on the server
  • Arbitrary file write of user-controlled data to a user-controlled location on the server
  • Authentication bypass that allows unauthenticated exploitation, resulting in mass exploitation of vulnerabilities
  • Vulnerabilities within Exchange Emergency Mitigation Service (EEMS)
  • Server-Side Request Forgery that allows an attacker to make server-side HTTP requests to arbitrary URLs (Exchange only)
  • Authenticated Server-Side Request Forgery that allows an attacker to make authenticated server-side HTTP requests to arbitrary URLs (SharePoint only)

More information about in-scope and out-of-scope vulnerabilities is available on the Microsoft Applications and On-Premises Servers Bounty Program page.

In general, technical vulnerabilities are in-scope, and phishing or other social engineering attacks against Microsoft employees are forbidden.

Source: https://www.helpnetsecurity.com/2022/04/06/bug-on-premises-exchange/


Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO