Microsoft adds all of Windows – including Server – to extended bug bounty program

Hyper-V tops the Most Wanted list with $250k price on its head

Microsoft has extended its bug bounty program for Windows Insider to include the whole of the OS, extended its operation indefinitely and added Windows Server Insider to the eligibility list.

Redmond’s previously offered bounties for specific Windows features only. Now you can score sweet Seattle-sourced dollars for finding a problem with any aspect of Windows. Rewards of up to US$15k are yours for the reaping.

Microsoft’s also trying to get you to devote most attention to its preferred ‘focus areas’. Hyper-V is currently top priority, as a bad bug in that code can earn you up to US$250k, $50k more than is on offer for any other bug and an increase on previous payments for those who find critical remote code execution, information disclosure and denial of service vulnerabilities in the virtualization code.

Windows Defender Application Guard is also a new focus, as it was added to the program just this week. There's $30k on offer for those who find critical vulns in the slow Windows Insider release track.

Mitigation bypass and Microsoft Edge are the other focus areas and attract bounties of up to $100k and $15k respectively.

Microsoft’s being quite generous with this program, because it will pay ten per cent of the prize on offer to the first researcher who finds a flaw its own people have already discovered. ®

