Microsoft’s New Push to Tackle Security Vulnerabilities
Microsoft introduced a major shift to its security strategy with a new bug bounty model called In Scope by Default. The change signals a stronger commitment to protecting users, raising transparency for researchers, and closing long-standing gaps in vulnerability eligibility.
In Scope by Default Model Announced as a Plan to Tackle Security Vulnerabilities
Announced by Tom Gallagher from the Microsoft Security Response Center during Black Hat Europe, the policy places all Microsoft online services under bounty eligibility automatically. This includes flaws found in third-party components and open-source code running inside those services.
Gallagher highlighted Microsoft’s new stance with a clear message:
“Starting today, if a critical vulnerability has a direct and demonstrable impact to our online services, it’s eligible for a bounty award. Regardless of whether the code is owned and managed by Microsoft, a third-party, or is open source, we will do whatever it takes to remediate the issue.”
The update fixes a major limitation of previous programs, where only selected products qualified for rewards. Now, every newly launched service enters the bounty scope immediately, encouraging faster community engagement and early vulnerability discovery.
Key takeaways from the new policy:
- Critical vulnerabilities affecting online services qualify for bounty payouts.
- Microsoft will offer rewards even if no specific bounty program previously covered the product.
- The initiative encourages research in high-risk areas and simplifies eligibility rules for security researchers.
- All participants must follow Microsoft’s responsible disclosure guidelines.
With this shift, Microsoft aims to strengthen security across its cloud ecosystem and give researchers clearer incentives to expose dangerous bugs before attackers do.
In other security news, with the latest update, Windows now warns you about risky PowerShell scripts.

