Sponsored By

Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type FlawsMicrosoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws

Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.

Dark Reading Staff

March 19, 2018

2 Min Read

Microsoft last week announced new bug bounties for speculative execution side-channel vulnerabilities. These vulnerabilities, of which Spectre and Meltdown were the first known examples, represent a new class of problem and Microsoft would like to know what else might be lurking in the neighborhood.

The bug bounties - on offer through December 31, 2018 - are:

Tier 1: New categories of speculative execution attacks

Up to $250,000

Tier 2: Azure speculative execution mitigation bypass

Up to $200,000

Tier 3: Windows speculative execution mitigation bypass

Up to $200,000

 

Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary

Up to $25,000

According to Microsoft, Tier 1 vulnerabilities are new attacks, Tiers 2 and 3 are techniques that get around protections already put in place against existing vulnerabilities, and Tier 4 is a demonstrating an actual successful attack method using already known vulnerabilities.

Phillip Misner, principal security group manager at the Microsoft Security Response Center, said in Microsoft's post announcing the program: "Speculative execution side channel vulnerabilities require an industry response." To that end, Microsoft says that they will share any discovered vulnerabilities and attacks with the industry in ethical, industry standard forms.

For more, read here and here.

 

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here.

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Businesswoman with ponytail in black suit and businessman in black suit with laptop sit at office desk with stack of presents, look at laptop
Endpoint Security
10 Holiday Gifts for Stressed-Out Security Pros10 Holiday Gifts For Stressed-Out Security Pros
byEricka Chickowski, Contributing Writer
Nov 30, 2023
10 Slides
Photo of a ribbon-cutting ceremony at a store grand opening
Cybersecurity Operations
Dark Reading Debuts Fresh New Site DesignDark Reading Debuts Fresh New Site Design
byKelly Jackson Higgins, Editor-in-Chief, Dark Reading
Nov 28, 2023
2 Min Read
black ride-share car with Uber logo parked halfway on sidewalk
Cyberattacks & Data Breaches
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWindsFormer Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds
byJeffrey Schwartz, Contributing Writer
Nov 28, 2023
5 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events