Tech News

Microsoft now pays up to $40,000 for some .NET vulnerabilities

By admin 3 Min Read

Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities.

Madeline Eckert, a senior program manager for Researcher Incentives and Bounty at Microsoft, stated that these changes aim to more accurately reflect the complexity involved in discovering and exploiting .NET vulnerabilities.

“We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers,” said Eckert.

“The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).”

Starting today, Microsoft will pay up to $40,000 for critical remote code execution and privilege escalation security flaws, as well as $30,000 for critical security feature bypasses, and up to $20,000 for critical remote denial-of-service bugs.

The .NET bug bounty program has also expanded to better cover .NET framework vulnerabilities, and it now includes:

  • All supported versions of .NET and ASP.NET,
  • Adjacent technologies such as F#,
  • Supported versions of ASP.NET Core for .NET Framework,
  • Templates provided with supported versions of .NET and ASP.NET Core,
  • GitHub Actions in the .NET and ASP.NET Core repositories.

​Earlier this year, Microsoft raised bounty awards to $30,000 for AI vulnerabilities found in Power Platform and Dynamics 365 services and products.

In February, it announced increased payouts for moderate-severity Microsoft Copilot (AI) security flaws and a 100% award multiplier for all Copilot bounty awards to incentivize AI research.

During last year’s Ignite annual conference, Microsoft also launched the Zero Day Quest, a hacking event focusing on cloud and AI products and platforms, and offering $4 million in rewards.

These efforts are part of the company’s Secure Future Initiative (SFI), a company-wide cybersecurity engineering plan launched in November 2023, following a scathing report issued by the Department of Homeland Security’s Cyber Safety Review Board, which stated that Microsoft’s “security culture was inadequate and requires an overhaul.”

Wiz

Contain emerging threats in real time – before they impact your business.

Learn how cloud detection and response (CDR) gives security teams the edge they need in this practical, no-nonsense guide.

You Might Also Like

From Malin to Mizen Head: Public Urged to Help Create the Largest Archive of Photos of the Northern Lights

Vodafone, AST SpaceMobile pick German base for Europe constellation

ChatGPT Atlas vs Google Chrome: A Detailed Comparison for 2025

Find and remove viral AI notetakers with Nudge Security

Samsung Galaxy Tab A11 £99 in Early Black Friday Deal

TAGGED: , , , , ,
Share This Article
Previous Article Cincinnati signed TE Noah Fant to a one-year deal for the 2025 season
Next Article Why the AI Boom Won’t End Like the Dotcom Bubble
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

From Malin to Mizen Head: Public Urged to Help Create the Largest Archive of Photos of the Northern Lights
Tech News
Today in History: November 8, Florida election recount begins
World News
DJI Offloads Premium Mic Mini Bundle, Now Cheaper Than Budget No-Name Alternatives
Gaming News
Beyond the beaches: How the Philippines is redefining the idea of paradise
Travel
Cornell University reaches deal with Trump administration to restore federal funding for research
World News
Public Service Unions Sue Federal Government Over ‘Loyalty Question’ on Hiring Forms
Politics
Israel says body of Lior Rudaeff has been returned from Gaza
World News
Lost your password?