You can earn up to $100,000 for finding vulnerabilities in Microsoft’s revamped Windows Insider Preview bug bounty program
Microsoft has gotten generous with its bug bounty program. It has announced a revamped Windows Insider Preview bug bounty program with a bug bounty of up to $100,000 for severe vulnerabilities in Windows 10 builds.
White hat hackers, security researchers, and bounty hunters use the Windows Insider Preview program to submit vulnerabilities in Windows 10 build under development. Earlier Microsoft paid bug bounties of $500 to $15,000 but now it will be paying a whopping $100,000 reward for highly critical vulnerabilities. Microsoft announced this major bump up in the new Friday update.
“Today we’re introducing updates to this program to further incentivize research with the highest impact, including new scenario awards up to $100,000,” said Jarek Stanley, senior program manager with Microsoft on Friday. “We’re also announcing procedural updates for more seamless integration with researchers and faster Windows bounty awards for eligible research.”
New Windows 10 bug bounties:
The new bug bounties announced by Microsoft are unauthenticated, non-sandboxed remote code execution with no user interaction which carries a $100,000 reward. A demonstrable unauthorized, remote access to private user data with little or no user interaction will get a $50,000 reward, and finding persistent, remote denial-of-service flaws with no user interaction will earn the hackers a $30,000 reward.
Microsoft will pay $20,000 for a local sandbox escape “with little or no user interaction” flaw and an equal amount for demonstrable local, unauthorized access to private user data from a sandboxed process with no user interaction. The general awards of $500 to $5000 for bugs, spoofing, information disclosure, security feature bypass will continue says the release.
This bump up shows that Microsoft is getting serious with purging vulnerabilities in Windows 10 and surrounding Apps like Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.
Microsoft has also streamlined the bug bounty reporting page with a new UI making it easier for hackers and security researchers to update their findings.