SecurityWeek

Bounty Hunters Invited to Hack Edge on Windows Preview Builds

Microsoft announced on Thursday that it’s offering up to $15,000 to researchers who find remote code execution vulnerabilities in the company’s Edge web browser running on Windows Insider Preview builds.

Users who sign up for the Windows Insider program are given the chance to test new features before they are made generally available. Microsoft wants white hat hackers to find remote code execution (RCE) flaws in Edge on Windows preview builds and it’s prepared to pay out between $500 and $15,000.

Microsoft is aware that some of the vulnerability reports it will receive as part of this program will describe issues that its employees are already working to address, but the company says it will still pay up to $1,500 to the first external researcher who finds a bug that is in the process of being fixed.

The company also noted that the bug bounty program includes the open source sections of Chakra, the JavaScript engine that powers Edge. The program will end on May 15, 2017.

“This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process,” Microsoft said.

The tech giant runs several bug bounty programs, including for its online services, Nano Server, .NET and ASP.NET Core, and mitigation bypasses. While the top reward in most cases is $15,000, the company is prepared to offer up to $100,000 for new exploitation techniques that target the protections built into Windows. Researchers can double the amount if the mitigation bypass is accompanied by an idea on how to defend against the attack.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
