Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

New Microsoft Defender Bounty Program Offers up to 20K Rewards

Key Takeaways:

Microsoft has launched the Defender Bounty Program to incentivize security researchers in discovering vulnerabilities in its security solution.

The Microsoft Defender Bounty Program offers rewards ranging from $500 to $20,000 based on the severity of the identified issues.

The program initially focuses on Microsoft Defender for Endpoint APIs, with plans to expand coverage over time.

Microsoft announced yesterday the launch of its new Defender Bounty Program. The new program is aimed at enticing security researchers to unearth new vulnerabilities in the security solution in exchange for rewards between $500 and $20,000.

The submissions must specify the severity (Critical or Important) and step-by-step instructions to reproduce the issue in the fully patched version of the product. Microsoft will assess the severity, impact, and quality of vulnerability submissions to determine the final reward amount. The highest reward will be granted to security researchers who submit high-quality reports of critical severity remote code execution flaws.

“The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team. The Defender program will begin with a limited scope, focusing on Microsoft Defender for Endpoint APIs, and will expand to include other products in the Defender brand over time,” the Microsoft Security Response Center team explained.

Microsoft Defender Bounty Program targets XSS, CSRF, SSRF, and other vulnerabilities

The new bounty program allows security researchers to discover various security vulnerabilities in Microsoft Defender for Endpoint APIs. The list includes Cross-site scripting (XSS), Cross-site request forgery (CSRF), Server-side request forgery (SSRF), Cross-tenant data tampering or access, Insecure direct object references, Insecure deserialization, Injection vulnerabilities, Server-side code execution, Significant security misconfiguration as well as components with known vulnerabilities.

Microsoft continuously updates its bug bounty programs in an effort to improve its services like Microsoft 365, Windows, Azure, Edge, Xbox, and more. Over the past ten years, the company has paid out $63 million in rewards to 1,117 researchers who participated in its bug bounty programs. If you’re interested, you can learn more about how to join the Microsoft Defender Bounty Program on this page.

by Rabia Noureen
Nov 22, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.