Skip to main content

Month Archives: June 2013

Doors Open for New Bounty Programs

Thursday, June 27, 2013

As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July 26) bounties of up to $11,000 for critical security issues in Internet Explorer 11 Preview.

Announcing the Microsoft Bounty Programs

Wednesday, June 19, 2013

Over the years, we’ve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now we’re taking it even further.

Heart of Blue Gold – Announcing New Bounty Programs

Wednesday, June 19, 2013

Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of Microsoft’s outreach. In the early 2000’s, Microsoft had to go through what I call “the five stages of vulnerability response grief.

New Bounty Program Details

Wednesday, June 19, 2013

Today we announced the upcoming Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty program. It’s very exciting to finally take the wraps off of these initiatives and we are anticipating some great submissions from the security research community! These programs will allow us to reward great work by researchers and improve the security of our software – all to the benefit of our customers.

EMET 4.0 now available for download

Monday, June 17, 2013

We are pleased to announce that the final release of version 4.0 of the Enhanced Mitigation Experience Toolkit , best known as EMET, is now finally available for download. You can download it from We already mentioned some of the new features introduced in EMET 4: Certificate Trust , mitigations improvement hardening , and the Early Warning Program.

Microsoft is sponsoring the Cyber Security Challenge UK

Monday, June 17, 2013

The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down (and computer defenses are improved), exploit activity has actually increased in many parts of the world. See the Microsoft Security Intelligent Report (SIR) v14 for more details.

June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, June 14, 2013

Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and the security advisory addressing digital certificates (SA2854544). There was one question we were unable to field on the air which we answered on the Q&A page.