Microsoft has significantly enhanced its .NET bounty program, announcing substantial updates that expand the program’s scope, streamline award structures, and provide greater incentives for cybersecurity researchers.

The enhanced program now offers rewards of up to $40,000 USD for identifying critical vulnerabilities within the .NET ecosystem, representing a major commitment to strengthening the security framework of one of the world’s most widely used development platforms. Security researchers can now target a broader range of attack vectors, from traditional server-side vulnerabilities to client-side security flaws in modern single-page applications.

The new framework categorizes security impacts into specific types, including Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Remote Denial of Service, Spoofing or Tampering, and Information Disclosure. Critical Remote Code Execution vulnerabilities with complete exploits can earn researchers the maximum $40,000 reward, while important-level vulnerabilities of the same category receive $30,000. This approach encourages researchers to provide actionable intelligence that enables Microsoft’s security teams to understand and remediate vulnerabilities effectively.

The award structure also addresses documentation security issues, offering rewards for identifying insecure coding practices in official documentation that could mislead developers.
This article was published on cybersecuritynews.com. Publication date: Fri, 01 Aug 2025 09:05:15 +0000