Microsoft announces Windows Bounty Program with payouts up to $250,000 USD

Microsoft today launched the new Windows Bounty Program that will allow anyone to find critical security issues in Windows and get rewarded by reporting it to Microsoft. It includes all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. Microsoft is also increasing the pay-out range for the Hyper-V Bounty Program. The bounty payouts will range from $500 USD to $250,000 USD.

The program highlights:

  • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security will receive a bounty
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
  • All security bugs are important to us and we request you report all security bugs to [email protected] via Coordinated Vulnerability Disclosure (CVD) policy

Payout information:

Category Targets Windows Version Payout range (USD)
 Focus area Microsoft Hyper-V Windows 10

Windows Server 2012

Windows Server 2012 R2

Windows Server Insider Preview

 $5,000 to $250,000
 Focus area Mitigation bypass and Bounty for defense Windows 10 $500 to $200,000
 Focus area Windows Defender Application Guard WIP slow $500 to $30,000
 Focus area Microsoft Edge WIP slow $500 to $15,000
 Base Windows Insider Preview WIP slow $500 to $15,000

In the recent years, Microsoft has built several defensive security mechanisms such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard in Windows 10 to improve the security of the systems. Windows Bounty program will help Microsoft in fixing the holes in these technologies.

Learn more about the Windows Bounty program here.

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.

Related
Comments