Microsoft offers up to $100,000 to find Windows 8.1 exploits

In just one week, Microsoft will launch the first official public preview version of Windows 8.1, along with the first preview of Internet Explorer 11. Today, Microsoft announced plans to offer people a lot of money if they find and report exploits in its updated OS and browser.

Microsoft's security blog has revealed three new bounty programs that will start when the public preview of Windows 8.1 is released on June 26th. The biggest one is the Mitigation Bypass Bounty, which will pay up to $100,000 to developers who find "truly novel exploitation techniques" in Windows 8.1.

The second program is the BlueHat Bonus for Defense, which offers up to $50,000 for "defensive ideas that block a qualifying mitigation bypass technique." Both the Mitigation Bypass and the BlueHat Bonus for Defense programs are ongoing bounties.

Finally, Microsoft is offering up to $11,000 for anyone who finds "critical vulnerabilities" in the public preview for IE11. That program begins on June 26 but will end 30 days later on July 26th. More details on all three bounty programs, including some advice on how to submit a good exploit report, can be found on another Microsoft blog post.

Source: Microsoft | Image via Microsoft


25 Comments


Dig around, you will find a working exploit. If something is made by humans it can be taken apart by humans; chances are someone has already found an exploit.

If I found an exploit I would not tell m$, be better to just sell it to some spyware / ad companies, you would make more cash.

for up to $ 100K throw away the BlackHat and become a "developer" and get a BlueHat for a bonus
now let's see if the old automatic update and phantom scheduled tasks exploits still work in 8.1........

Security all comes down to how you use the OS, and the AV software you have installed. I've never had any issues on XP.

So Windows 8.1 will be:
- The most secure Windows ever
- The fastest Windows ever
- The most easy to install and recognize devices windows ever
- And the ugliest (sorry that was Windows 8.0) the second ugliest Windows ever

Meh don't matter how secure the OS is... It's Java, Flash, Click here links (that dumb peeps click) that cause the issues.

Windows 8 PC hacking simple... forgotten password on their hotmail or facebook login simples... Hell use remote desktop or assistance, it's on by default. If you cba with that just login to their facebook, skydrive or drop box and download.

As for accessing the physical files on the PC np there also.
Options for full access:
1) Password change USB stick
2) Take HDD out plug into another PC
3) Use a virtual Linux CD/DVD/USB stick.

MrAnalysis said,
Meh don't matter how secure the OS is... It's Java, Flash, Click here links (that dumb peeps click) that cause the issues.

Windows 8 PC hacking simple... forgotten password on their hotmail or facebook login simples... Hell use remote desktop or assistance, it's on by default. If you cba with that just login to their facebook, skydrive or drop box and download.

As for accessing the physical files on the PC np there also.
Options for full access:
1) Password change USB stick
2) Take HDD out plug into another PC
3) Use a virtual Linux CD/DVD/USB stick.

Physical access required for 90% of what you're suggesting. Also remote desktop requires one to be on the same network, or have a proxy on to said network, and remote assistance requires an invite from the computer's owner.

Plus it's well known that if you have physical access to a computer then all bets are off as far as security is concerned. That applies to any OS.

A brilliant program and a sure sign of confidence in the security of the 8.1 platform.

BUT, I still see people spinning this into a negative. What the f**k is wrong with you people?

(btw not having a go at people's opinions on w8 overall, just this article and spinning its merits)

The 2 key words in this article:

"up to"

Who decides on the amount? Well, Microsoft of course. They can decide to give you 5 bucks if they so choose. Might as well say they'll give you "up to" a billion.

I do give them a lot of credit for looking for outside assistance to help secure their products. Obviously they can't do it on their own.

Edited by COKid, Jun 19 2013, 7:54pm :

COKid said,
The 2 key words in this article:

"up to"

Who decides on the amount? Well, Microsoft of course. They can decide to give you 5 bucks if they so choose. Might as well say they'll give you "up to" a billion.

I do give them a lot of credit for looking for outside assistance to help secure their products. Obviously they can't do it on their own.

Do you actually believe yourself?

COKid said,
I do give them a lot of credit for looking for outside assistance to help secure their products. Obviously they can't do it on their own.

The world can hold some very smart individuals. Almost always there are smarter minds not working for these companies. That's why everything we have gets 'hacked' in some way, shape or form. Look at the Kinect when first released, people were hacking away at that thing even without API drivers and such.

I can see a problem with this tactic they are using,

A really good hacker may find a really nice hole that they know no one else knows about, and just not report it, use it for their benefit. This will surely get any and every hacker up and in motion to hack this thing. Could turn out to be bad, guess we won't know until the future happens.

COKid said,
The 2 key words in this article:

"up to"

Who decides on the amount? Well, Microsoft of course. They can decide to give you 5 bucks if they so choose. Might as well say they'll give you "up to" a billion.

I do give them a lot of credit for looking for outside assistance to help secure their products. Obviously they can't do it on their own.

I think you'll find this is fairly standardized, and there is no $5 reward.
http://www.google.com.au/about/appsecurity/reward-program/

theslam08 said,

I can see a problem with this tactic they are using,

A really good hacker may find a really nice hole that they know no one else knows about, and just not report it, use it for their benefit. This will surely get any and every hacker up and in motion to hack this thing. Could turn out to be bad, guess we won't know until the future happens.

That is the problem placing a bounty fixes. It is a two pronged approach:
1. The bounty will mean more people looking for exploits, reduces the chance of only ONE person discovering the exploit and not sharing it.

2. Rewarding hackers means they can get the cash, without having to risk illegal activities to make it profitable.

Do gullible users count as exploits? If so...found one! Found another. Wait there is one down the hall. Hmm, I think MS should get their check book ready.

People are allowed their opinions, even if they don't match yours. For many, Windows 8 has been a miserable experience. You can name-call all you want, but you need to deal with that reality.

COKid said,
People are allowed their opinions, even if they don't match yours. For many, Windows 8 has been a miserable experience. You can name-call all you want, but you need to deal with that reality.

There's a blurry line between hating and having an opinion.