Windows 10 Security News: Microsoft Updates Bounty Program; Security Researchers Could Earn Up to $250,000
Microsoft recently updated its bounty program and will now reward security researchers with as much as $250,000 when they discover bugs on a certain target area.
On Wednesday, Microsoft released its updated guidelines and the payout range of their Windows Bounty Program.
In its official announcement, Microsoft stated: "This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. We're also bumping up the pay-out range for the Hyper-V Bounty Program."
Get Our Latest News for FREE
Microsoft now gives the biggest payout to security researchers who will find vulnerabilities in their virtualization component called Microsoft Hyper-V. The payout range for the Microsoft Hyper-V bounty program spreads from $5,000 to the maximum amount of $250,000.
Note that like all bounty programs, there are several parameters that Microsoft will consider before qualifying a submission as eligible.
For example, the bounty program's guidelines said the security researcher should "identify an original and previously unreported vulnerability in eligible versions of Microsoft Hyper-V."
Microsoft will only count findings affecting Hyper-V on Windows 10, the latest version of Windows Server 2016, and Windows Server 2012 R2. The company reminds analysts that bugs on hardware and firmware do not qualify for this criteria.
The Windows Bounty Program also identified Mitigation Bypass as one of its targets with a payout of as much as $100,000. A bug defense plan for any exploit identified in this area is also eligible for a separate bounty of as much as $100,000.
Microsoft will reward those who will submit eligible vulnerabilities in the Windows Defender Application Guard with a payout ranging from $500 to $30,000. Meanwhile, those who will find qualified bugs within the Microsoft Edge and Windows Insider Preview systems will be rewarded with a $500 to $15,000 payout.
"Security is always changing and we prioritize different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities," said the company.
