Skip to main content

Microsoft offers up to $20,000 to identify security vulnerabilities in Xbox Live

When it comes to securing complex products, companies are increasingly turning to bug bounty programs to invite members of the public to find security vulnerabilities. Google’s bug bounty program handed out $6.5 million last year, and Apple recently expanded its program to cover macOS bugs as well as iOS bugs.

Now Microsoft is expanding its own bug bounty program from covering software like its Office suite and its Edge browser to also covering the Xbox Live network and services. The company will pay out rewards to anyone who can find and reproduce a security vulnerability in the Xbox Live system.

As announced in a Microsoft Security Response Center blog post, “The Xbox bounty program invites gamers, security researchers, and technologists around the world to help identify security vulnerabilities in the Xbox network and services, and share them with the Microsoft Xbox team through Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear and concise proof of concept (POC) are eligible for awards up to US$20,000.”

CVD is a policy in which researchers agree to disclose any vulnerabilities they find to the creators of the software (in this case, Microsoft) and allow the creators to manage further disclosure. Essentially, participants in the bug bounty program agree that they will turn over information about vulnerabilities to Microsoft and let Microsoft handle the closing of security loopholes and announcements to the public.

To register for the program, users must have an Xbox network account, and Microsoft recommends that they have access to an Xbox with an Xbox Game Pass or Xbox Gold as well. Once a user has identified a security vulnerability that can be reproduced in the latest, patched version of Xbox Live, they must report it in either written or video format.

Bounties range from $1,000 for a low-quality report of a vulnerability that allows tampering all the way up to $20,000 for a high-quality report of a critical vulnerability that enables remote code execution.

Denial of Service attacks are not part of the program and are prohibited, as are automated attacks that generate significant traffic. Social engineering attacks such as phishing are also not allowed.

More details about the details of the bug bounty program are available on the Microsoft website.

Editors' Recommendations

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
Microsoft pledges to bring Xbox PC games to Nvidia GeForce Now
geforce-now-og-no-text-1200x630

Microsoft has announced a 10-year partnership with Nvidia aimed at bringing Xbox PC games to its cloud gaming service competitor Nvidia GeForce Now as part of its ongoing efforts to win over companies skeptical of its potebtial Activision Blizzard acquisition.
This means that players can use Nvidia GeForce Now to play the Steam, Epic Games Store, or Windows versions of titles like Halo Infinite, Redfall, and eventually, Call of Duty through the cloud on GeForce Now. Third-party publishers with games on the Windows Store can also now grant streaming rights to Nvidia. This announcement came during a European Commission hearing where Microsoft tried to convince regulators that its impending acquisition should bne allowed.
Microsoft has been under a lot of regulatory scrutiny even since it announced its intent to acquire Activision Blizzard in January 2022. It's trying to win over industry peers with deals like this one with Nvidia. This week, the Communications Workers of America voiced its approval of the deal, and Microsoft has signed a binding agreement to bring Call of Duty to Nintendo platforms as well. Previously, Nvidia had raised concerns about Microsoft's Activision Blizzard acquisition, but the press release announcing this agreement states that the deal "resolves Nvidia's concerns," and that Nvidia now gives "full support for regulatory approval of the acquisition." 
Regulatory bodies in the U.S., U.K., and Europe are worried that Microsoft acquiring Activision Blizzard will hurt the game industry and sabotage Microsoft's competitors in both console and cloud gaming. Nvidia GeForce Now is seen as one of the biggest competitors to Xbox Game Pass Ultimate's cloud service offerings, which makes it surprising that it reached an agreement with Nvidia. However, this deal also demonstrates how Microsoft is willing to make concessions so that its acquisition of Activision Blizzard is approved.

Read more
Xbox Series X tips and tricks: how to set up your new console
Xbox Series X on a table.

There's no better feeling than booting up a new console and experiencing all the cool features and options available to you. On the flip side, some of the best parts of a console like the Xbox Series X are not automatically presented to you. You could just accept the system as it is and get used to it, but why ignore all the customization options and enhancements you could be enjoying with just a few tweaks?

We get that navigating a console's systems, especially if you're new to the ecosystem, can feel backwards and unintuitive to say the least. Rather than try and dig through layers of menus on your own, we've compiled a list of the best tips and tricks you should know about to get the most enjoyment out of your new Xbox Series X console.

Read more
The best Xbox exclusives of 2022: 6 Game Pass greats that saved Microsoft’s quiet year
Characters from Grounded stand in front of text that says 2022 Best Xbox Exclusives.

The Xbox Series X and Xbox Series S's second year on the market was rough. While the consoles continue to sell well and Xbox Game Pass is still a great deal, the delay of Redfall and Starfield into 2023 decimated the Xbox consoles' first-party 2022 lineup. While the lack of heavy-hitting AAA titles might initially make a list like this seem frivolous, Xbox Series X and Xbox Series S still had quite a few compelling exclusives.

Many of these games are highly experimental, pushing the boundaries of narratives in video games. All of the titles launched on Xbox Game Pass on day one, highlighting the strength of that subscription service. If you have an Xbox Game Pass subscription or are just wondering what 2022 Xbox exclusives are worth playing, these seven console exclusives stand out.
Immortality

Read more