Cloud Security, Vulnerability Management

Microsoft expands bug bounty program to Nano Server

Microsoft continues to expand its bug bounty program, announcing it will pay up to $15,000 for vulnerabilities found in Nano Server.

Nano Server is an installation version of Windows Server 2016 used for cloud and development. The refactored version is designed to require fewer patch updates, faster restarts, and tighter security.

The bounty program only runs until July 29, during the latest technical preview period of the Nano Server. Eligible vulnerabilities include high severity vulnerabilities in Nano Server DLLs (dynamic link library files), Nano Server remote code execution, remote unauthenticated denial of service, elevation of privilege, and other vulnerabilities.

Last month, Microsoft paid a researcher $13,000 for his discovery of a serious authentication vulnerability that affected Outlook, Azure, and Office accounts. Another researcher found a vulnerability that allowed attackers to bypass the Microsoft Windows whitelisting security feature Applocker, using the command-line utility Regsvr32 last month.

In March, Microsoft added the company's cloud-based storage service OneDrive to its bug bounty program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.