If you are one of those who likes to break into software or OS protection, then this post is for you. Microsoft is paying you to hack into Windows 8.1! Microsoft has asked hackers, security researchers and others to report vulnerabilities in their various products, including Windows 8.1, for making their products better and protecting customers. For this, Microsoft has announced various Microsoft Security Bounty Programs.
Microsoft Bounty Programs
Microsoft is now offering direct cash payments in exchange for reporting certain types of vulnerabilities and exploitation techniques.
Microsoft Security Bounty Programs
Microsoft has announced various programs which will launch on June 26, 2013:
Mitigation Bypass Bounty- The Mitigation Bypass Bounty Program asks participants to submit truly novel mitigation bypass techniques that target Windows 8.1 Preview. Qualified mitigation bypass submissions are eligible for payment of $100,000 USD, based on the quality and complexity of the bypass technique and optional defense idea. A mitigation bypass technique is designed to circumvent protections that are built into the operating systems. The program starts on 26th June, the launch date of Windows 8.1 Preview. The Mitigation Bypass Bounty program will run indefinitely, at Microsoft’s discretion.
Internet Explorer 11 Preview Bug Bounty – Microsoft will pay up to $11,000 USD for critical-class vulnerabilities that affect Internet Explorer 11 Preview running on Windows 8.1 Preview. The bounty period for Internet Explorer 11 Preview starts on June 26, 2013, and ends July 26, 2013. Even former Microsoft employees and even previously members of IE team can participate in this.
BlueHat Bonus for Defense – The BlueHat Bonus for Defense allows Mitigation Bypass program participants to also submit a technical white paper to describe a defensive idea that could effectively block the exploitation technique they have submitted. Qualifying defense submissions will receive an additional bonus of up to $50,000 USD, depending on the quality and uniqueness of the defense idea.
The highest rewards will go to submissions that include a fully functioning exploit which concretely demonstrates that remote code execution is possible.
Check the Mitigation Bypass and BlueHat Defense Guidelines here. More details about the New Bounty Programs here.