Microsoft expands bug bounties - even on programs without official payouts

Microsoft has announced an important change to the company's bug bounty program – security researchers will now be eligible ...

Microsoft bounty program now includes any flaw impacting its services

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party.
SecurityWeek

Microsoft Bug Bounty Program Expanded to Third-Party Code

All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.