Microsoft started a new bug hunt campaign that would end on June 22. The project aims to discover possible vulnerabilities in the company’s new browser Spartan Bounty, which will be launched with Windows 10.
Securing the upcoming browser is being set as one of the company’s top priorities for this year, shares Jason Shirk.
Up to $15 000 for Sandbox Escape and Remote Code Execution Vulnerabilities
The payout will depend on the complexity of the bug, its reproduction capabilities, and severity level. Rewards up to $15 000 will also be paid off for design-level vulnerabilities.
Microsoft also announced that the company is about to expand its Online Services Bug Bounty Program. It will include:
- Azure (Virtual Machines, Cloud Services, Active Directory, Storage)
- Sway.com
- The company’s cloud platform
The Mitigation Bypass and Bonus Bounty for Defense programs will also be expanded. This bounty will include guest-to-host and guest-to-guest denial of service flaws. The rewards are up to $ 100 000 for mitigation bypasses and $50 000 for defense mechanisms against them.
The payouts made by Microsoft so far this year have been quite large. Yunhai Zhang, an NSFOCUS researcher, was rewarded $75,000 for a mitigation bypass. Brian Gorenc, Simon Zuckerbraun and AbdulAziz Hariri, researchers with HP ZDI have developed attacks against Isolated Heap and MemoryProtection. The sum they have received from Microsoft Mitigation Bypass Bounty and Blue Hat Bonus for Defense was $125 000.