Microsoft Updates Payment, Criteria for Windows Bug Bounty

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft Updates Payment, Criteria for Windows Bug Bounty


The Windows Insider Preview Bounty Program will award between $500 and $15,000 for eligible submissions.



Microsoft has updated the eligible submission criteria and payment tiers for its Windows Insider Preview bounty program, which first launched on July 26, 2017.
The program was created to find vulnerabilities that reproduce in versions of Windows released through the Windows Insider Preview (WIP) fast ring. Insiders test early releases of each OS update before the final release goes to the public, to eliminate bugs and security problems.
The typical payments for qualified submissions earn between $500 to $15,000 USD per bug. In an announcement on its latest update, Microsoft
notes
bounties are awarded at its discretion and higher payouts beyond $15,000 may be possible, depending on the quality and complexity of each entry.
Higher-quality reports lead to bigger payouts. The baseline reward for a remote code execution vulnerability ranges from $500 to $7,500, but a high-quality RCE report could earn up to $15,000 per bug. Similarly, the payout for a privilege escalation flaw ranges from $500 to $5,000 as a baseline sum, but up to $10,000 for a high-quality report.
Each submission must meet certain criteria to be eligible for payment. It must identify an original and unreported Critical or Important flaw in WIP Fast. The bug must reproduce in the version of WIP Fast being tested. Reports must have the vulnerability impact and attack vector.
A description of the problem, and the steps to reproduce it, must be easily understood to Microsoft engineers so they can patch. If a submission has all the info necessary for an engineer to reproduce, understand, and fix the problem - including a short write-up with background data, description, and proof-of-concept - it could earn more money.
Microsoft encourages any submissions describing security flaws in WIP Fast. It wont pay out for bugs in the Windows Store, Windows apps, firmware, third-party drivers, or third-party software in Windows. Vulnerabilities requiring unlikely user actions also dont count; neither do vulnerabilities that are known to Microsoft or require users to downgrade security settings.

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Updates Payment, Criteria for Windows Bug Bounty