Windows 10: Windows 10 20H2 bug - bounty

t0mn8r · Dec 16, 2020

Team,

I have recently upgraded my Windows 10 2004 to 20H2 and I have found a bug which interferes with the normal operation due to the differences between the versions.

I have tracked down what I believe to be the root cause but I want a US$10k bounty.

I have searched but not found any place where a Windows 10 bounty is paid. There is the bounty program for Security related bugs but this does not meet the criteria.

I have reported bugs to Microsoft twice before and in one instance didn't even get a thank you.

This one is not for free.

Please advise.

:)

Andrew TheBRunner · Dec 16, 2020

Microsoft Bug Bounty

I recently found a article about Microsoft Bug Bounty Project,i can report a subtitle bug in Movies app in Windows 10?

I found a bug in Spartan Project Too.When i enter on different websites it start's lagging and not responding to any click.

This is not on all websites but i don't like to stay 1 hour on Facebook to type "What are you doing?".

Sorry for my english,i'm romanian.

Raevenlord · Dec 16, 2020

Microsoft Announces the Windows Bounty Program

While Microsoft has been offering bug bounty incentives since at least 2012, Google has arguably been much more vocal in its bug bounty programs. The company recently increased the maximum payout in its bug bounty programs (mainly focused on Android) to a staggering $200,000, and now Microsoft is not only following suit - it's upping the game.

With the Windows Bounty Program, which Microsoft announced yesterday, the company is looking towards an increased incentive to security-hardening suggestions from tech-savvy users. This program will extend to all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. And incentives starting at $500 and going all the way up to $250,000 are very, very respectful.

Source: Blogs.Technet @ Microsoft

Brink · Dec 16, 2020

Microsoft Bounty Programs Expansion – Azure and Project Spartan

I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty.

This continued evolution includes additions to the Online Services Bug Bounty Program:

Azure

Azure is Microsoft’s cloud platform and the backbone of Microsoft cloud services.

This program will include a number of Azure services, such as: Azure virtual machines, Azure Cloud Services, Azure Storage, Azure Active Directory and much more

Sway.com

Sway.com is a web application that lets users express ideas in an entirely new way across many devices and platforms

Raising the maximum payout for the Online Services Bounty Program

We will pay up to $15,000 USD for critical bugs, as always, more for more impactful and better documented bugs.

We’re also launching a new bounty related to the Windows 10 Technical Preview:

Project Spartan Bug Bounty

Microsoft’s new browser will be the onramp to the internet for millions of users when Windows 10 launches later this year. Securing this platform is a top priority for the browser team.

This bounty includes Remote Code Execution and Sandbox Escapes, as well as design-level security bugs.

Always be sure to use the latest version released in the Windows 10 Technical Preview

Microsoft will pay up to $15,000 USD for security vulnerabilities reported in Project Spartan, you can see the specifics in the program terms. Don’t hesitate as the Project Spartan Bug Bounty will run from April 22, 2015 to June 22, 2015

The bounties for Spartan are tiered by the criticality of the issue reported, as well as the quality of the documentation and how reproducible the issue is.

The Mitigation Bypass bounty and the Bonus bounty for Defense are both very active, paying up to $100,000 USD for novel methods to bypass active mitigations (e.g. ASLR and DEP) in our latest released version of operating system (currently Windows 8.1 and Server 2012 R2) and a bonus of up to $50,000 USD for actionable defense techniques to the reported bypass. We have one addition to the Mitigation bypass bounty:

Hyper-V escape

Guest-to-Host

Guest-to-Guest

Guest-to-Host DoS (non-distributed, from a single guest)

These important additions to the Bounty Programs reflect the continued shift and evolution of technology towards the cloud. The additions to the bounty program will be part of the rigorous security programs at Microsoft. They will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services and Security and Compliance Accreditations by third party audits.

Microsoft has a long history of working closely with security researchers. Having personally done penetration testing and exploit mitigation, I understand that this is intense and difficult work. I can say that we truly value these contributions. Bug bounties are an increasingly important part of the vulnerability research and defense ecosystem and will continue to evolve over time. We will be regularly managing the Microsoft Bounty Programs to help us best protect our many users.

Mark Russinovich will be sharing some information in his “Assume Breach: An Inside Look at Cloud Service Provider Security” talk. You can also come by the Microsoft Booth at RSA on April 23, 2PM for a Bounty Program Q&A or you can always find the most up to date information about our bounty programs at https://aka.ms/BugBounty and in the associated terms and FAQs.

I’m looking forward to seeing some great submissions!
Jason Shirk
Click to expand...

Source: Microsoft Bounty Programs Expansion – Azure and Project Spartan - Microsoft Security Response Center - Site Home - TechNet Blogs

Windows 10: Windows 10 20H2 bug - bounty

Windows 10 20H2 bug - bounty

Windows 10 20H2 bug - bounty

Windows 10 20H2 bug - bounty

Windows 10 20H2 bug - bounty - Similar Threads - 20H2 bug bounty

Windows 10 20h2 Scrolling bug

20H2 bug fixed?

Windows 10 20h2 update no startup bug

Looking for the place to report a Windows 10 bug and claim a bounty.

Windows 20H2 dxgmms2 bugged...

Windows 10 version 20h2 function key bugs.

20H2 Defrag Bug.

Microsoft Adds OneDrive to Bug Bounty Program

Intel Expanding Bug Bounty Program