Microsoft announces bug bounties for Spartan, Azure
As the official launch of Windows 10 approaches, Microsoft has launched a new bug bounty related to its Technical Preview version, and is asking bug hunters to analyze its new browser codenamed Spartan.
They are asked to concentrate on remote code execution vulnerabilities, sandbox escape flaws, and design-level security bugs, and they only have two months (April 22, 2015 to June 22, 2015) to report the flaws and receive up to $15,000 for each.
“Microsoft’s new browser will be the onramp to the internet for millions of users when Windows 10 launches later this year,” noted Jason Shirk of the MSCR Team. “Securing this platform is a top priority for the browser team.”
The company has also made two new additions to its Online Services Bug Bounty Program: its cloud platform Azure and associated services, and the Sway.com web app. In addition to this, the maximum payout for the Online Services Bounty Program has been raised to $15,000.
Finally, they have added one more vulnerability eligible for the Mitigation Bypass bounty: Hyper-V escape (Guest-to-Host, Guest-to-Guest, and Guest-to-Host DoS).
“The Mitigation Bypass bounty and the Bonus bounty for Defense are both very active, paying up to $100,000 USD for novel methods to bypass active mitigations (e.g. ASLR and DEP) in our latest released version of operating system (currently Windows 8.1 and Server 2012 R2) and a bonus of up to $50,000 USD for actionable defense techniques to the reported bypass,” Shirk pointed out.
“These important additions to the Bounty Programs reflect the continued shift and evolution of technology towards the cloud,” he concluded.