Microsoft rolls out new Xbox Live bug bounty program, up to $20,000 rewards

Bounties cover remote code execution, elevation of privilege and more


Microsoft announced a new bug bounty program for its Xbox Live service that could net you up to $20,000 USD (approximately $26,500 CAD).

The Redmond, Washington-based company posted a description of the new bounty program along with a detailed list of what bugs it’s willing to pay for. All the items on the list are fairly significant security flaws. In other words, Microsoft will pay out for things like executing unauthorized code on its servers. Don’t expect rewards for reporting bugs like repeated disconnects from a game you play.

Specifically, Microsoft is looking for bugs including remote code execution, elevation of privileges, security feature bypasses, and more.

Further, the bounty website lays out things Microsoft isn’t interested in. That includes DDoS attacks, anything involving phishing Microsoft employees or Xbox customers, and getting servers to reveal basic information such as their name or internal IP address.

Rewards range from $500 USD (about $662 CAD) to $20,000 USD, depending on the exploit, severity and the quality of the report. Microsoft says that higher rewards are possible at its discretion.

Of course, this isn’t Microsoft’s first rodeo either. It has several other bounty programs, including ones for Microsoft Edge, its Windows Insider preview builds, Office 365 and more.

However, the company’s biggest bounties come from its cloud computing service, Azure. Gaining administrator access to an Azure Security Lab account, for example, could net you up to $300,000 USD (about $397,050 CAD).

Source: Microsoft Via: TechCrunch