
Microsoft will pay you cash for hunting down specific vulnerabilities for Microsoft Edge in the Windows Insider program

Microsoft’s Jason Shirk from the MSRC Team reports that the company has added another bounty program to its roster for bug hunters. This one targets possible remote code execution vulnerabilities within the version of Microsoft Edge that’s served up to participants in the Windows Insider program. For consumers, that means a good chunk of vulnerabilities will have already been tracked down and patched before a new version of the browser is released to the masses.

“This bounty continues our partnership with the security research community in working to secure our platforms, in pre-release stages of the development process,” Shirk writes. “The Windows Insider program is built to help shape the future of Windows, and represents the latest in features, including new security features and mitigations.”

The new Microsoft Edge bounty began on August 4, 2016, and will conclude on May 15, 2017. Bug hunters will be paid handsomely for their research, earning between $500 and $15,000. However, if a researcher reports a qualifying vulnerability that Microsoft had already found internally, the company will offer up to $1,500 to the first “external” individual who submits a report.

Additionally, all vulnerabilities uncovered by researchers must be reproducible on the latest version of Windows 10 in the Windows Insider program “slow ring.” For the uninitiated, the Windows Insider program is broken down into “fast,” “slow,” and “Release Preview” rings, with the first group getting builds as they’re completed, the second group receiving slightly more polished and stable builds at a slower rate, and the third group enjoying new features with little or no risk to their devices.

The new Microsoft Edge bounty joins a number of other programs Microsoft currently offers to researchers, including the Online Services Bug Bounty, the Nano Server Technical Preview Bug Bounty, the .NET Core and ASP.NET Core RC2 Bug Bounty, the Mitigation Bypass Bounty, and the Bounty for Defense program.

Previously, there was a Microsoft Edge Technical Preview Bug Bounty that began April 22, 2015, and ended on June 22, 2015. According to the listing, Microsoft paid between $1,500 and $15,000 for Remote Code Execution vulnerability discoveries, and for finding a Sandbox Escape vulnerability with Enhanced Protected Mode. Between $1,500 and $6,000 was paid for higher severity vulnerabilities in the browser or EdgeHTML, and a mere $500 was paid for ASLR Info Disclosure vulnerabilities in Edge or EdgeHTML.

“Our new bounty programs add expanded depth and flexibility to our existing community outreach programs,” states Microsoft. “Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers.”

Right now, the new Microsoft Edge bounty doesn’t appear on the Microsoft Bounty Programs website. Four of the bounties listed above are ongoing whereas the .NET Core and ASP.NET Core RC2 bug bounty ends on September 7, 2016. If you fall under the “hacker” and “researcher” umbrella and want to earn some cash, take a look at what Microsoft is offering. You’ll be helping us all out and banking some nice green bills in the process.

Kevin Parrish
Former Digital Trends Contributor