When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft launches Windows Bounty Program, offering payouts of up to $250,000

Microsoft has announced the launch of its new Windows Bounty Program, two years after Windows 10 was originally released. Like other tech giants, Microsoft has offered bounties for some time, and recently announced the indefinite extension of its Bug Bounty Program for Edge - but this is the first time that the company has established a complete program across its Windows operating system.

Microsoft's Security Response Center (MSRC) said today that the Windows Bounty Program "will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge."

Key highlights of the program include:

  • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
  • Bounty payouts will range from $500 USD to $250,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
  • All security bugs are important to us and we request you report all security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy
  • For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog

Microsoft also highlighted the targets of the Windows Bounty Program, and how much it will pay out for new vulnerabilities discovered in each category:

Category Targets Windows version Payout range (USD)
Focus area

Microsoft Hyper-V

Windows 10

Windows Server 2012

Windows Server 2012 R2

Windows Server Insider Preview

$5,000 to $250,000

Focus area

Mitigation bypass and Bounty for defense

Windows 10

$500 to $200,000

Focus area

Windows Defender Application Guard

WIP slow

$500 to $30,000

Focus area

Microsoft Edge

WIP slow

$500 to $15,000

Base

Windows Insider Preview

WIP slow

$500 to $15,000


Further details on all of Microsoft's bounty programs can be found on the MSRC Security TechCenter site.

Source: Microsoft TechNet

Report a problem with article
Next Article

More finger-lickin' tech: KFC giveaway offers 10 of India's 1.3bn people a Gamer's Box 2.0

Previous Article

New Google Pixel 2 XL render shows off a handset that is missing an important feature

Join the conversation!

Login or Sign Up to read and post a comment.

3 Comments - Add comment