On the Technet blog Microsoft has announced a new bug bounty program for Office Insider builds on Windows aimed at finding security vulnerabilities in the productivity suite during the design phase before it hits general consumers.
The types of vulnerabilities awarded include:
- Elevation of privilege via Office Protected View
- Macro execution by bypassing security policies to block macros
- Code execution by bypassing Outlook automatic attachment block policies
The program will run for three months from March 15 to June 15, 2017 and bounty payout during the period will be range between $6,000 to $15,000 USD. Vulnerabilities should be submitted to firstname.lastname@example.org.
Microsoft recently initiated a similar program for their Outlook and Office 365 online sites, paying out up to $30,000. For more information on Microsoft’s other bug bounty programs can be found here.