Microsoft expands bug bounty program

Researchers have a fresh target to explore for vulnerabilities with rewards reaching up to $15,000.
Written by Charlie Osborne, Contributing Writer

Microsoft has expanded its bug bounty program to include the Nano Server installation option of Windows Server 2016 Technical Preview 5.


The expansion of Microsoft's bug bounty program, now includes the Nano Server -- the remotely administered, headless installation option of the server operating system.

As a technical preview, the installation option is focused on acting as a host for computer and/or storage clusters and as a lightweight operating system in a virtual machine (VM) or container for cloud applications.

Microsoft says that vulnerabilities found within this release must be original and able to be reproduced to be eligible for the new vulnerability disclosure program.

The tech giant is particularly interested in remote code execution vulnerabilities, privilege escalation and remote unauthenticated denial of service and other high-impact bugs in Nano Server DLLs such as information leaks and spoofing.

Researchers who submit vulnerabilities found within earlier versions of Nano Server will not be considered, and no bugs which require admin privileges or "unlikely user actions" will be accepted, either.

Valid vulnerability disclosure will earn researchers between $500 and $15,000, depending on the severity of the flaw. However, the Redmond giant may pay more if bugs warrant a bigger reward.

Microsoft has laid out potential rewards as below:


The Nano Server bug bounty program will run from April 29 - July 29, 2016.

10 things you didn't know about the Dark Web

Read on: Top picks

Editorial standards