Microsoft this week announced that, over the past 12 months alone, it paid out $13.7 million in rewards as part of its bug bounty programs.
The tech giant is currently running over 15 bug bounty programs covering assets across its cloud services, desktop applications and operating systems, and confidentiality and virtualization solutions, including a program covering the ElectionGuard open source software development kit (SDK).
Security researchers interested in participating in Microsoft’s bug bounty programs may earn rewards of up to $250,000 for critical-severity vulnerabilities in Hyper-V that could lead to remote code execution, information disclosure, or denial of service (DoS).
In fact, the single biggest payout that Microsoft handed out between July 1, 2021, and June 30, 2022, was of $200,000, awarded for a critical flaw in the Hyper-V hypervisor.
During the 12-month period, more than 330 security researchers received rewards via Microsoft’s bug bounty programs, for an average payout of more than $12,000.
Microsoft says it is evolving its bug bounty programs based on feedback from researchers. This year, the company introduced across its programs a new research challenge and new high-impact attack scenarios.
New additions and updates include an Azure SSRF challenge, Android and iOS being added to the Edge bounty program, a recognition program for researchers, the addition of on-premises Exchange, SharePoint, and Skype for Business to the bug bounty program, and expanded Azure, M365, and Dynamics 365 and Power Platform bounty programs with high-impact scenarios.
“The addition of these attack scenarios to our Azure, Dynamics 365 and Power Platform, and M365 bounty programs helps to focus research on the highest impact cloud vulnerabilities including areas like Azure Synapse Analytics, Key Vault, and Azure Kubernetes Services,” Microsoft notes.
Related: Microsoft Patches 128 Windows Flaws, New Zero-Day Reported by NSA
Related: Microsoft Adds Teams Mobile Applications to Bug Bounty Program
Related: Microsoft Launches ElectionGuard Bug Bounty Program
More from Ionut Arghire
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
- New Wi-Fi Attack Allows Traffic Interception, Security Bypass
- Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
- Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
- Nigerian BEC Scammer Sentenced to Prison in US
Latest News
- 500k Impacted by Data Breach at Debt Buyer NCB
- Chinese Cyberspies Use ‘Melofee’ Linux Malware for Stealthy Attacks
- Why Endpoint Resilience Matters
- Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- UK Introduces Mass Surveillance With Online Safety Bill
- Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT
- Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App
