Microsoft launches Windows bug bounty program with payouts of up to $250,000

Microsoft isn't new to bug bounty programs, having already implemented programs for Microsoft Edge and even Office Insiders. Now, the tech giant has launched a similar ongoing program for Windows generally, allowing security researchers to get paid for finding security flaws, with payouts ranging from as little as $500 to as much as $250,000.

The program itself covers all features of the Windows Insider Preview, and comes in addition to programs focused specifically on the likes of Hyper-V, Windows Defender Application Guard, Microsoft Edge and more. Rather than running for a limited time, the Windows Bounty Program will continue indefinitely, following the lead of the Microsoft Edge program that was recently extended indefinitely as well.

Highlights include:

  • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer's privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft's discretion
  • Bounty payouts will range from $500 USD to $250,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could've received (example: $1,500 for an RCE in Edge, $25,000 for an RCE in Hyper-V)

As with all of Microsoft's bounty efforts, you can find the current status of active programs and their associated payouts at the dedicated MSRC Security TechCenter site.

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

7 Comments
  • I wish I actually knew enough about this stuff to be able to take part. Or do you need to be a professional security researcher to do this?
  • With recent security flaws I've seen you can become a billionaire with this program
  • You've seen 4,000 critical security issues?
  • A pity they don't have a similar incentive to push for more uwp (non-centennial) apps in the store.
  • I wish too. Quality apps like Mp3Tag are direly missing from UWP.
  • Microsoft tried paying developers to build apps in the days of WP7/8. It wasn't nearly as successful as either Microsoft or users had hoped. As in, the program barely worked. Microsoft even went so far as to build some of the biggest name apps themselves, largely yielding a whole lot of p***ing and moaning by throngs of ungrateful brats.
  • I found one. He is called Nadella. Now, give me the money 😜