Help Microsoft find bugs in Windows 8.1 Preview and earn up to $100,000

Shawn Knight

Posts: 15,240   +192
Staff member

microsoft windows

A new bounty program from Microsoft designed to help the company become aware of security vulnerabilities earlier is backed by some pretty deep pockets. Redmond will pay up to $100,000 as part of what they are calling a Mitigation Bypass Bounty dealing with Windows 8.1 Preview.

The bounty notes they are looking for truly novel exploitation techniques against protections built into the upcoming software update. Microsoft said learning about new exploitation techniques earlier helps them improve security by leaps instead of simply handling them one at a time as they crop up after the fact.

A separate program called BlueHat Bonus for Defense will award up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Naturally this program will work in conjunction with the above mentioned bounty and could be a way for individuals to earn even more money from their work.

Finally, Microsoft is offering up to $11,000 for critical vulnerabilities that affect Internet Explorer 11 Preview in Windows 8.1 Preview.

All three bounties will launch on June 26, 2013, we’re told. The timeframe for the Mitigation Bypass Bounty and the BlueHat Bonus for Defense bounty is listed as ongoing while the Internet Explorer 11 bounty will only be active during the first 30 days of the beta period (from June 26 through July 26).

Those interested in learning more about each program and finding tips on how to submit a good report can be found on Microsoft’s bounty program details page.

Permalink to story.

 
Patching every security hole in Internet Explorer isn't going to save it, so says the cold statistics.

This is the end game, with Chrome Blink being the only finisher.
 
MS Development team is the biggest bug of all. Find those who think Windows has to change every few years, and you will know where the bugs are.
 
I hope the result is not saying that Windows 8.1 itself is a bug xD
 
Patching every security hole in Internet Explorer isn't going to save it, so says the cold statistics.

This is the end game, with Chrome Blink being the only finisher.
Try again when Chrome has native support for Group Policy and other Windows Services, until then Internet Explorer will still rule in corporate enterprises which makes up a lot of marketshare.

Nice stats though, too bad those include mobile platforms as well. When it comes to desktop computer browser marketshare, IE still has 55.99%. http://www.netmarketshare.com/
 
I studied the Unix Kernel in college and know that finding a flaw with an application has nothing to do with getting root access. Though with Windows, it does. With Unix, Linux and OS X, if you log in as a non root user, there is noway that you can become root. To become root there would have to be a hole in the kernel and there is not on any of those systems mentioned. It is so strange that Microsoft would have applications requiring SYSTEM access to do reads, writes and other OS functions. Windows must have been designed quickly. They should call it the Quick and Dirty OS or QDOS for short!
 
Back