Microsoft bug bounty expands to critical flaws across online services
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft expanded its bug bounty program to pay for critical vulnerabilities that directly affect any of its online services, increasing incentives to surface flaws before attackers exploit them. The program now covers issues in Microsoft, third-party, and open-source code when they impact those services. New services are now in scope as soon as they are released, widening coverage across Microsoft's online footprint.
Related Happenings
Microsoft extends Windows 10 ESU consumer coverage through October 2027
Security Tool/Service
H score11
First: 25.06.2026 21:29
Last: 25.06.2026 21:29
Sources 1
About this happening:
**Microsoft** quietly extended the **Windows 10 Extended Security Updates (ESU)** program for **personal devices** by **one additional year**, keeping critical security update cov...
Microsoft extends Windows 10 ESU consumer coverage through October 2027
Security Tool/ServiceAbout this happening: **Microsoft** quietly extended the **Windows 10 Extended Security Updates (ESU)** program for **personal devices** by **one additional year**, keeping critical security update cov...
Microsoft hit by cyberattack
Incident
H score68
First: 09.06.2026 18:42
Last: 09.06.2026 18:42
Sources 1
About this happening:
A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Microsoft hit by cyberattack
IncidentAbout this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
Trend
H score19
First: 19.05.2026 17:00
Last: 19.05.2026 17:00
Sources 1
About this happening:
Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
TrendAbout this happening: Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Microsoft May 2026 Patch Tuesday release
Security Patch Release
H score44
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Latest development: 01.06.2026 15:30
Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.
Microsoft security patch release for CVE-2026-41089
Security Patch Release
H score43
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Microsoft security patch release for CVE-2026-41089
Security Patch ReleaseAbout this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Timeline
-
11.12.2025 18:00 2 articles · 7mo ago
Microsoft expands bug bounty coverage for critical service-impacting vulnerabilities
Initial DisclosureMicrosoft expanded its bug bounty program to pay security researchers for critical vulnerabilities with a direct, demonstrable impact on Microsoft online services, including issues in third-party and open-source dependencies. New services are now in scope as soon as they are released, broadening coverage across Microsoft's online service footprint.
Show sources
- Microsoft bounty program now includes any flaw impacting its services — www.bleepingcomputer.com — 11.12.2025 18:00
- Microsoft bounty program now includes any flaw impacting its services — www.bleepingcomputer.com — 11.12.2025 18:00