Microsoft is willing to pay up to $40,000 to anyone who discovers a vulnerability in .NET
Many companies now run bug bounty programs to encourage the community to find security vulnerabilities in their software and report them privately to developers before hackers exploit them. Now, Microsoft has announced a major update to its .NET Bug Bounty Program, with rewards ranging from $7,000 to $40,000 for valuable discoveries.
Details of the "huge" bonus
The maximum $40,000 is only available for reporting remote code execution (RCE) or elevation of privilege (EoP) vulnerabilities rated "Critical" with full documentation. Here is the detailed classification table:
| Security impact | Report quality | Critical vulnerability | Important vulnerability |
|---|---|---|---|
| Remote Code Execution (RCE) | Full | 40,000 USD | 30,000 USD |
| Remote Code Execution (RCE) | Incomplete | 20,000 USD | 20,000 USD |
| Elevation of Privilege (EoP) | Full | 40,000 USD | 10,000 USD |
| Elevation of Privilege (EoP) | Incomplete | 20,000 USD | 4,000 USD |
| Bypass security | Full | 30,000 USD | 10,000 USD |
| Bypass security | Incomplete | 20,000 USD | 4,000 USD |
| Denial of Service (DoS) | Full | 20,000 USD | 10,000 USD |
| Denial of Service (DoS) | Incomplete | 15,000 USD | 4,000 USD |
| Data Tampering/Tampering | Full | 10,000 USD | 5,000 USD |
| Data Tampering/Tampering | Incomplete | 7,000 USD | 3,000 USD |
| Information Leak | Full | 10,000 USD | 5,000 USD |
| Information Leak | Incomplete | 7,000 USD | 3,000 USD |
Extended scope of application
The program focuses on .NET, ASP.NET Core (including Blazor, Aspire), supported .NET Framework versions, included templates, GitHub Actions in the source code repository, and related technologies like F#.
Microsoft also clarified the criteria for assessing vulnerability severity and the definition of a "full" report. For more details, see Microsoft's official blog.
Do you have security skills? This could be a money-making opportunity if you discover a serious bug in the .NET platform!