Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details.
Nano Server is a remotely administered, headless installation option of the server operating system. In this first release, the Nano Server deployment is focused on two scenarios:
- As the host for compute and/or storage clusters
- As a lightweight OS in a VM or container for “born in the cloud” applications.
In summary:
- All binaries included in the Nano Server configuration of Windows Server 2016 Technical Preview 5 and any subsequent Betas, Technical Previews or Release Candidates during the bounty period
- Hyper-V escapes and Mitigation Bypass vulnerabilities will be evaluated against the Mitigation Bypass Bounty instead
- The bounty will run April 29, 2016 – July 29, 2016
- Bounty payouts will range from $500 USD to $15,000 USD
These additions to the Microsoft Bounty Program will be part of the rigorous security programs at Microsoft. Bounties complement the Microsoft Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits.
As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.