Monday, July 16, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Roku Debuts Roku TV Wireless Speakers
New Windows 10 Upgrade to Bring Changes to Notepad, Edge
YouTube Copyright Match Tool Fights Content Stealing
Amazon to Compete With Cisco in Networking Equipment: report
Twitter, Facebook, Alphabet to Testify at U.S. House hearing
Google's Head Chip Designer Moves to Facebook
U.S. DoJ Indicts 12 Russian Intelligence Officers for Hacking Offenses Related to the 2016 Election
PC Shipments Grew For the First Time in Six Years During the 2Q of 2018
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, March 15, 2018
Microsoft Launches $250,000 Security Bounty


Microsoft is launching a limited-time bounty program for speculative execution side channel vulnerabilities - bugs that are similar to the Meltdown and Spectre CPU flaws.

This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. Microsoft is launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.

The bounty will be open until December 31, 2018. Bounty Tiers:

Tier  Payout (USD)
Tier 1: New categories of speculative execution attacks  Up to $250,000
Tier 2: Azure speculative execution mitigation bypass  Up to $200,000
Tier 3: Windows speculative execution mitigation bypass  Up to $200,000
Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary  Up to $25,000

Tier 1 focuses on new categories of attacks involving speculative execution side channels. Microsoft's Security Research & Defense team has published a blog with additional information.

Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.

Microsoft says it will share, under the principles of coordinated vulnerability disclosure, the research disclosed to them under this program so that affected parties can collaborate on solutions to these vulnerabilities.



Previous
Next
U.S. Sanctions Russian Cyber Actors for Cyber-Attacks        All News        Intel to Bring Hardware-based Protection to Data Center and PC Processors
U.S. Sanctions Russian Cyber Actors for Cyber-Attacks     General Computing News      Peer-to-peer App Kicked off Dofoil Coin Miner Outbreak

Get RSS feed Easy Print E-Mail this Message

Related News
FBI Says Reboot Your Router to Stop Malware Infecting 500k Devices
Roaming Mantis Malware Infects Smartphones Through Wi-fi Routers
ZooPark Android Malware Tracks all Your Phone Activities
Peer-to-peer App Kicked off Dofoil Coin Miner Outbreak
Telegram Messenger Vulnerability Spread Multipurpose Malware
Google Removed 700,000 Apps From Google Play in 2017
Fake Spectre and Meltdown Patch Pushes Malware
Malware Spread Through PornHub
Cloak and Dagger Security Hole in Android Discovered
Alleged NSA Malware Does Not Affect Microsoft Users
Preinstalled Malware May Be Targeting Your Android Phone
New Mac OS X Malware Steal Passwords, And iPhone Backups

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .