Microsoft Bounty Programs Announcement

MS Bounty Programs Shield

Calling all Microsoft friends, hackers, and researchers! Do you want to help us protect customers, making some of our most popular products better… and earn money doing so? Step right up!

Microsoft offers direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques.

Microsoft has championed many initiatives to advance security and to help protect our customers, including the Security Development Lifecycle (SDL) process and Coordinated Vulnerability Disclosure (CVD). We formed industry collaboration programs such as the Microsoft Active Protections Program (MAPP) and Microsoft Vulnerability Research (MSVR),and created the BlueHat Prize to encourage research into defensive technologies. Since June 2013, we’ve also offered bounties for certain classes of vulnerabilities reported to us. These bounty programs help Microsoft harness the collective intelligence and capabilities of security researchers to help protect customers. As you’ll see from the list below, several time-limited programs apply only to preview versions, so we can address the vulnerabilities before the final version is complete.

Take a look at the active programs below and review the program details at each link. If you have a vulnerability that might be a match for one of our bounty programs, please contact us at secure@microsoft.com with details.

Happy Hunting!

Microsoft Security Response Center

Active Bounty Programs for Windows

Program Name Start Date Ending Date Eligible Entries Bounty range
Windows Insider Preview July 26, 2017 Ongoing Critical and important vulnerabilities in Windows Insider Preview slow Up to $15,000 USD
Windows Defender Application Guard July 26, 2017 Ongoing Critical vulnerabilities in Windows Defender Application Guard in WIP slow Up to $30,000 USD
Microsoft Hyper-V Bounty Program May 31, 2017 Ongoing Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V Up to $250,000 USD
Microsoft Edge on Windows Insider Preview August 4, 2016 Ongoing Critical remote code execution and design issues in Microsoft Edge in Windows Insider Preview slow Up to $15,000 USD
Mitigation Bypass Bounty June 26, 2013 Ongoing Novel exploitation techniques against protections built into the latest version of the Windows operating system. Up to $100,000 USD
Bounty for Defense June 26, 2013 Ongoing Defensive ideas that accompany a qualifying Mitigation Bypass submission Up to $100,000 (in addition to any applicable Mitigation Bypass Bounty)

Active Bounty Programs for .NET and Cloud

Program Name Start Date Ending Date Eligible Entries Bounty range
Microsoft .NET Core and ASP.NET Core Bug Bounty Program September 1, 2016 Ongoing Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details) Up to $15,000 USD
Microsoft Cloud Bounty September 23, 2014 Ongoing Vulnerability reports on applicable Microsoft cloud services Up to $15,000 USD