Microsoft has announced this week that the Applications and On-Premises Servers Bounty Program has been expanded to include on-premises versions of Exchange, SharePoint, and Skype for Business.
The technology giant is offering up to $26,000 in rewards for eligible reports highlighting critical security flaws in these products. The company announced the expansion of its bug bounty programme alongside increased rewards for scenarios that could have the greatest impact on customer security.
According the announcement, Microsoft is now offering a 20% increase in rewards for server-side request forgery (SSRF) exploits, that allow attackers to make server-side HTTP requests to arbitrary URLs on Exchange. A similar multiplier was announced for SharePoint-based authenticated SSRF bugs.