Microsoft new bug bounty program will pay up to $250,000

To some it may have passed under the radar, for others it might be of interest.

Microsoft has released a bug bounty program for hackers, white hats, bug hunters and security researchers alike to discover, find and report vulnerabilities to Microsoft to strengthen the Microsoft portfolio.

Microsoft having dominated the market for home users and business computers have long been a favored target for cyber criminals, hobby hackers and other nefarious operatives. Meaning that just a zero-day vulnerability or any breach can cause a crisis like the recent WannaCry ransomware attack.



Microsoft has previously had bug bounty programs, but mostly they have been limited in time, or for specific suites.

The latest bug bounty program main focus are

  • Windows 10
  • Windows Server 2012
  • Microsoft Hyper-V
  • Mitigation Bypass Techniques
  • Microsoft Edge (Browser)
  • Windows Defender Application Guard
  • Microsoft Cloud
  • .NET

Active Bounty Programs for Windows

Program Name Start Date Ending Date Eligible Entries Bounty range
Windows Insider Preview July 26, 2017 Ongoing Critical and important vulnerabilities in Windows Insider Preview slow Up to $15,000 USD
Windows Defender Application Guard July 26, 2017 Ongoing Critical vulnerabilities in Windows Defender Application Guard in WIP slow Up to $30,000 USD
Microsoft Hyper-V Bounty Program May 31, 2017 Ongoing Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V Up to $250,000 USD
Microsoft Edge on Windows Insider Preview August 4, 2016 Ongoing Critical remote code execution and design issues in Microsoft Edge in Windows Insider Preview slow Up to $15,000 USD
Mitigation Bypass Bounty June 26, 2013 Ongoing Novel exploitation techniques against protections built into the latest version of the Windows operating system. Up to $100,000 USD
Bounty for Defense June 26, 2013 Ongoing Defensive ideas that accompany a qualifying Mitigation Bypass submission Up to $100,000 (in addition to any applicable Mitigation Bypass Bounty)

Active Bounty Programs for .NET and Cloud

Program Name Start Date Ending Date Eligible Entries Bounty range
Microsoft .NET Core and ASP.NET Core Bug Bounty Program September 1, 2016 Ongoing Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details) Up to $15,000 USD
Microsoft Cloud Bounty September 23, 2014 Ongoing Vulnerability reports on applicable Microsoft cloud services Up to $15,000 USD

For more information you can read about the Microsoft Bounty Programs here.

Happy hunting everyone!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s