To some it may have passed under the radar, for others it might be of interest.
Microsoft has released a bug bounty program for hackers, white hats, bug hunters and security researchers alike to discover, find and report vulnerabilities to Microsoft to strengthen the Microsoft portfolio.
Microsoft having dominated the market for home users and business computers have long been a favored target for cyber criminals, hobby hackers and other nefarious operatives. Meaning that just a zero-day vulnerability or any breach can cause a crisis like the recent WannaCry ransomware attack.
Microsoft has previously had bug bounty programs, but mostly they have been limited in time, or for specific suites.
The latest bug bounty program main focus are
- Windows 10
- Windows Server 2012
- Microsoft Hyper-V
- Mitigation Bypass Techniques
- Microsoft Edge (Browser)
- Windows Defender Application Guard
- Microsoft Cloud
- .NET
Active Bounty Programs for Windows
| Program Name | Start Date | Ending Date | Eligible Entries | Bounty range |
| Windows Insider Preview | July 26, 2017 | Ongoing | Critical and important vulnerabilities in Windows Insider Preview slow | Up to $15,000 USD |
| Windows Defender Application Guard | July 26, 2017 | Ongoing | Critical vulnerabilities in Windows Defender Application Guard in WIP slow | Up to $30,000 USD |
| Microsoft Hyper-V Bounty Program | May 31, 2017 | Ongoing | Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V | Up to $250,000 USD |
| Microsoft Edge on Windows Insider Preview | August 4, 2016 | Ongoing | Critical remote code execution and design issues in Microsoft Edge in Windows Insider Preview slow | Up to $15,000 USD |
| Mitigation Bypass Bounty | June 26, 2013 | Ongoing | Novel exploitation techniques against protections built into the latest version of the Windows operating system. | Up to $100,000 USD |
| Bounty for Defense | June 26, 2013 | Ongoing | Defensive ideas that accompany a qualifying Mitigation Bypass submission | Up to $100,000 (in addition to any applicable Mitigation Bypass Bounty) |
Active Bounty Programs for .NET and Cloud
| Program Name | Start Date | Ending Date | Eligible Entries | Bounty range |
| Microsoft .NET Core and ASP.NET Core Bug Bounty Program | September 1, 2016 | Ongoing | Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details) | Up to $15,000 USD |
| Microsoft Cloud Bounty | September 23, 2014 | Ongoing | Vulnerability reports on applicable Microsoft cloud services | Up to $15,000 USD |
For more information you can read about the Microsoft Bounty Programs here.
Happy hunting everyone!
Ulv
musings of a consultant 