Microsoft announces Windows Bounty Program with payouts up to $250,000 USD

Microsoft today launched the new Windows Bounty Program that will allow anyone to find critical security issues in Windows and get rewarded by reporting it to Microsoft. It includes all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. Microsoft is also increasing the pay-out range for the Hyper-V Bounty Program. The bounty payouts will range from $500 USD to $250,000 USD.

The program highlights:

• Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security will receive a bounty
• If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
• All security bugs are important to us and we request you report all security bugs to [email protected] via Coordinated Vulnerability Disclosure (CVD) policy

Payout information:

In the recent years, Microsoft has built several defensive security mechanisms such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard in Windows 10 to improve the security of the systems. Windows Bounty program will help Microsoft in fixing the holes in these technologies.

Learn more about the Windows Bounty program here.