Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities.

"These changes expand the program's scope, simplify the award structure, and offer great incentives for security researchers," said Eckert. "We're excited to announce significant updates to the Microsoft .NET Bounty Program."

Starting today, Microsoft will pay up to $40,000 for critical remote code execution and privilege escalation security flaws, as well as $30,000 for critical security feature bypasses, and up to $20,000 for critical remote denial-of-service bugs. Madeline Eckert, a senior program manager for Researcher Incentives and Bounty at Microsoft, stated that these changes aim to more accurately reflect the complexity involved in discovering and exploiting .NET vulnerabilities.

Earlier this year, Microsoft raised bounty awards to $30,000 for AI vulnerabilities found in Power Platform and Dynamics 365 services and products. In February, Microsoft announced increased payouts for moderate-severity Microsoft Copilot (AI) security flaws and a 100% award multiplier for all Copilot bounty awards to incentivize AI research. During last year's Ignite annual conference, Microsoft also launched the Zero Day Quest, a hacking event focusing on cloud and AI products and platforms, and offering $4 million in rewards.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 31 Jul 2025 17:25:19 +0000