Microsoft Launches Bug Bounty Program For Windows, Increases Hyper-V Bounty Payouts

Microsoft is rolling out a program to compensate security researchers that uncover vulnerabilities in software related to Windows 10, with payouts reaching up to $250,000.

The Windows Bounty Program is part of "maintaining a high security bar in Windows," Microsoft said in a blog post announcing the program.

[Related: Apple Launches Bug Bounty Program, A Security 'Mea Culpa']

The company has offered bounties for uncovering bugs in certain Windows features since 2012 and began paying up to $100,000 in bug bounties starting in mid-2013, in connection with the launch of Windows 8.1 Preview.

The Redmond, Wash.-based software giant said the Windows Bounty Program would cover all features of the Windows Insider Preview. Payouts for discovering Windows Insider Preview bugs will range from $500 to $15,000.

The program will also include bounties for discovering vulnerabilities in four related "focus areas," including Hyper-V, which will feature a payout range of $5,000 to $250,000. Microsoft said the payout range had been increased for discovering Hyper-V bugs, though the company didn't specify what the previous range had been.

The Windows versions covered in the Hyper-V bug bounties are Windows 10, Windows Server 2012, Windows Server 2012 R2, and Windows Server Insider Preview.

The three other focus areas for the bounty program are mitigation bypass ($500 to $200,000 payout range), Windows Defender Application Guard ($500 to $30,000), and Microsoft Edge ($500 to $15,000).

"Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer's privacy and security will receive a bounty," Microsoft said in its blog post.

The bug bounty program "will continue indefinitely at Microsoft's discretion," the company added.

Microsoft made the announcement as the Black Hat security conference in Las Vegas.

Read more articles on: