Microsoft announces huge bug bounty rewards for security flaws

Microsoft announces huge bug bounty rewards for security flaws

Microsoft announces huge bug bounty rewards for security flaws

Microsoft is rolling out a program to compensate security researchers that uncover vulnerabilities in software related to Windows 10, with payouts reaching up to $250,000. The payout table has been updated to reflect rewards of $500 to $250,000 for certain vulnerabilities, including $5,000 to $250,000 for ones that are focused on Hyper-V.

If you're interested in the maximum quarter-million bounty rewards, your only option is Hyper-V program, although you have multiple Microsoft's operating systems to choose from: Windows 10, Windows Server 2012, Windows Server 2012 R2, and Windows Server Insider Preview.

Also of note is the Mitigation Bypass and Bounty program's highest reward of $200,000, but there you can exclusively target Windows 10. However, the exploit needs to work on the latest release of the Windows Insider Preview slow ring.

"If a submission reproduces in a previous WIP Slow build but not the current WIP Slow at the time of your submission, then the submission is ineligible", Microsoft said in an explanatory note.

- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10 percent of the highest amount they could've received.

German girl arrested in Iraq is missing Linda Wenzel, say authorities
She is reported to have used her mother's credit card to buy an airline ticket to Istanbul under her mom's name. Iraqi officals said the teenager was with the extremist group and worked for the ISIS police department.

The three other focus areas for the bounty program are mitigation bypass ($500 to $200,000 payout range), Windows Defender Application Guard ($500 to $30,000), and Microsoft Edge ($500 to $15,000).

To be clear, Microsoft already offers many bug bounty programs.

The Microsoft bug bounty program has been in existence since 2013, when rewards were fixed at $11,000 for finding bugs in Internet Explorer 11.

Microsoft was one of the first major tech companies to do so, but the program was always limited in scope, as only a few of the company's products were eligible for rewards.

Related news