Microsoft Expands Bug Bounty Program To Azure, Project Spartan And Sway.com

Home » Microsoft

Reading time icon 2 min. read

Calendar icon Published on

by Microsoft News 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Microsoft Security

Microsoft today announced the significant expansions to the Microsoft Bounty Programs which rewards developers and security researchers for finding security bugs in Microsoft’s products and services. Microsoft is adding Azure, Project Spartan and Sway.com to this program list.

  • Azure
    • Azure is Microsoft’s cloud platform and the backbone of Microsoft cloud services.
    • This program will include a number of Azure services, such as: Azure virtual machines, Azure Cloud Services, Azure Storage, Azure Active Directory and much more
  • Sway.com
    • Sway.com is a web application that lets users express ideas in an entirely new way across many devices and platforms
  • Raising the maximum payout for the Online Services Bounty Program
    • We will pay up to $15,000 USD for critical bugs, as always, more for more impactful and better documented bugs.
  • Project Spartan Bug Bounty
    • Microsoft’s new browser will be the onramp to the internet for millions of users when Windows 10 launches later this year.  Securing this platform is a top priority for the browser team.
    • This bounty includes Remote Code Execution and Sandbox Escapes, as well as design-level security bugs.
      • Always be sure to use the latest version released in the Windows 10 Technical Preview
    • Microsoft will pay up to $15,000 USD for security vulnerabilities reported in Project Spartan, you can see the specifics in the program terms. Don’t hesitate as the Project Spartan Bug Bounty will run from April 22, 2015 to June 22, 2015
      • The bounties for Spartan are tiered by the criticality of the issue reported, as well as the quality of the documentation and how reproducible the issue is.

Microsoft already has the Mitigation Bypass bounty and the Bonus bounty for Defense which offers up to $100,000 USD for novel methods to bypass active mitigations (e.g. ASLR and DEP) in th latest released version of operating system (currently Windows 8.1 and Server 2012 R2) and a bonus of up to $50,000 USD for actionable defense techniques to the reported bypass.  There is one addition to the Mitigation bypass bounty:

  • Hyper-V escape
    • Guest-to-Host
    • Guest-to-Guest
    • Guest-to-Host DoS (non-distributed, from a single guest)

Source: Microsoft

More about the topics: azure, Bug Bounty, microsoft, Programs, Project Spartan, security, Sway

Microsoft News

Microsoft News Shield

Newsroom

Microsoft News is MSPowerUser's former newsroom team. Today, we work with a variety of journalists and reports who tip us news and events.

Leave a Reply

Your email address will not be published. Required fields are marked *