Microsoft launches Windows bug bounty program with payouts of up to $250,000
Microsoft has launched a new bug bounty effort for Windows, offering to pay out thousands of dollars for any who finds eligible security flaws.
Microsoft isn't new to bug bounty programs, having already implemented programs for Microsoft Edge and even Office Insiders. Now, the tech giant has launched a similar ongoing program for Windows generally, allowing security researchers to get paid for finding security flaws with payouts ranging from as little as $500 and as high as $250,000.
The program itself covers all features of the Windows Insider Preview, and comes in addition to programs focus specifically on the likes of Hyper-V, Windows Defender Application Guard, Microsoft Edge and more. Rather than running for a limited time, the Windows Bounty Program will continue indefinitely, following the lead of the Microsoft Edge program that was recently extended indefinitely as well.
- Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer's privacy and security will receive a bounty
- The bounty program is sustained and will continue indefinitely at Microsoft's discretion
- Bounty payouts will range from $500 USD to $250,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could've received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
As with all of Microsoft's bounty efforts, you can find the current status of active programs and their associates payouts and status at the dedicated MSRC Security TechCenter site.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl.