Microsoft announces Windows Bounty Program with payouts up to $250,000 USD


Microsoft today launched the new Windows Bounty Program, which allows anyone to find critical security issues in Windows and be rewarded for reporting them to Microsoft. It covers all features of the Windows Insider Preview, in addition to focus areas in Hyper-V, mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. Microsoft is also increasing the payout range for the Hyper-V Bounty Program. Bounty payouts will range from $500 USD to $250,000 USD.

The program highlights:

  • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer’s privacy and security will receive a bounty
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for an RCE in Edge, $25,000 for an RCE in Hyper-V)
  • All security bugs are important to us and we request you report all security bugs to [email protected] via Coordinated Vulnerability Disclosure (CVD) policy

Payout information:

| Category | Targets | Windows Version | Payout range (USD) |
|---|---|---|---|
| Focus area | Microsoft Hyper-V | Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server Insider Preview | $5,000 to $250,000 |
| Focus area | Mitigation bypass and Bounty for defense | Windows 10 | $500 to $200,000 |
| Focus area | Windows Defender Application Guard | WIP slow | $500 to $30,000 |
| Focus area | Microsoft Edge | WIP slow | $500 to $15,000 |
| Base | Windows Insider Preview | WIP slow | $500 to $15,000 |

In recent years, Microsoft has built several defensive security mechanisms into Windows 10, such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard, to improve the security of its systems. The Windows Bounty Program will help Microsoft fix the holes in these technologies.

Learn more about the Windows Bounty program here.
