Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Bounty Hunters Invited to Hack Edge on Windows Preview Builds

Microsoft announced on Thursday that it’s offering up to $15,000 to researchers who find remote code execution vulnerabilities in the company’s Edge web browser running on Windows Insider Preview builds.

Microsoft announced on Thursday that it’s offering up to $15,000 to researchers who find remote code execution vulnerabilities in the company’s Edge web browser running on Windows Insider Preview builds.

Users who sign up for the Windows Insider program are given the chance to test new features before they are made generally available. Microsoft wants white hat hackers to find remote code execution (RCE) flaws in Edge on Windows preview builds and it’s prepared to pay out between $500 and $15,000.

Microsoft is aware that some of the vulnerability reports it will receive as part of this program will describe issues that its employees are already working to address, but the company says it will still pay up to $1,500 to the first external researcher who finds a bug that is in the process of being fixed.

The company also noted that the bug bounty program includes the open source sections of Chakra, the JavaScript engine that powers Edge. The program will end on May 15, 2017.

“This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process,” Microsoft said.

The tech giant runs several bug bounty programs, including for its online services, Nano Server, .NET and ASP.NET core, and mitigation bypasses. While the top reward in most cases is $15,000, the company is prepared to offer up to $100,000 for new exploitation techniques that target the protections built into Windows. Researchers can double the amount if the mitigation bypass is accompanied by an idea on how to defend against the attack.

Related: New Windows Attack Turns Evil Maid into Malicious Butler

Related: Microsoft Expands Bug Bounty Program

Advertisement. Scroll to continue reading.

Related: Microsoft Adds OneDrive to Bug Bounty Program

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.