Microsoft is launching a new Windows Bounty Program today, designed to expand its existing security bug bounty programs.
This new program will see the software giant pay out for serious Hyper-V flaws in Windows 10 or Windows Server operating systems.
Microsoft will pay up to $250,000 for severe Hyper-V vulnerabilities, and security bugs in Microsoft Edge or Windows 10 preview builds will fetch up to $15,000.
The new Windows Bounty Program launches today. Any critical flaws that affect Windows and a variety of individual features will receive a bounty.
The overall program highlights:
- Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer's privacy and security will receive a bounty
- The bounty program is sustained and will continue indefinitely at Microsoft's discretion
- Bounty payouts will range from $500 USD to $250,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could've received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)