Windows users can report vulnerabilities and get paid for it

By: Madeleine Dean
2 minute read

Did you know that you can report Windows vulnerabilities and exploitation techniques to Microsoft and get paid for it? Microsoft’s Bounty Program helps the company harness the collective intelligence of Windows users to boost its security team performance and better protect customers.

Bounty programs are time-limited programs that apply only to certain OS versions and tools, helping Microsoft address vulnerabilities before the final version is complete and rolled out to the general public. The regular bounty rate is $15,000 but the most generous offer goes up to $100,000.

Calling all Microsoft friends, hackers, and researchers! Do you want to help us protect customers, making some of our most popular products better… and earn money doing so? Step right up!

The Microsoft Bounty Programs have been around since June 2013, and the company has been offering bounties for certain classes of vulnerabilities reported by users. Yet, very few Windows users actually know such programs exists.

There are five active Bounty Programs right now. The latest targets Microsoft .NET Core and ASP.NET Core bugs, and offers a total bounty of $15,000. The Redmond giant already announced that there would be some big changes coming to .Net Core version 2.0 in 2017, and security improvements are definitely on the list. You can now help Microsoft detect and patch NET Core and ASP.NET Core vulnerabilities and get paid for it.

All you need to do is report certain types of vulnerabilities and exploitation techniques used for the projects by sending an email at secure@microsoft.com.

The full list of ongoing Bounty Programs includes:

Program Name Start Date Ending Date Eligible Entries Bounty range
Microsoft .NET Core and ASP.NET Core Bug Bounty Program Terms September 1, 2016 Ongoing Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details) Up to $15,000 USD
Microsoft Edge RCE on Windows Insider Preview Bug Bounty August 4, 2016 May 15, 2017 Critical RCE in Microsoft Edge in the Windows Insider Preview.TIME LIMITED. Up to $15,000 USD
Online Services Bug Bounty (O365) September 23, 2014 Ongoing Vulnerability reports on applicable O365 services (see link for program details). Up to $15,000 USD
Online Services Bug Bounty (Azure) April 22, 2015 Ongoing Vulnerability reports on eligible Azure services (see link for program details). Up to $15,000 USD
Mitigation Bypass Bounty June 26, 2013 Ongoing Novel exploitation techniques against protections built into the latest version of the Windows operating system. Up to $100,000 USD
Bounty for Defense June 26, 2013 Ongoing Defensive ideas that accompany a qualifying Mitigation Bypass submission Up to $100,000 (in addition to any applicable Mitigation Bypass Bounty).

Happy vulnerability hunting!

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions