Saturday, April 21, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
GSMA Delays eSIM Technology as U.S. DoJ of U.S. Probes Coordination With AT&T and Verizon
Apple to Replace Some MacBook Pro Laptop Batteries
ZTE's Nubia Red Gaming Phone Released
LG Display's OLED Smartphone Screens Still Not Ready For Apple
Nintendo Labo Kits Now Available
June's VLSI Symposium Focuses on Next Generation Transistor Technology and MRAM
Samsung Not Interested in Nokia's Health Unit
ZTE Says Company's Survival at Risk
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, March 15, 2018
Microsoft Launches $250,000 Security Bounty


Microsoft is launching a limited-time bounty program for speculative execution side channel vulnerabilities - bugs that are similar to the Meltdown and Spectre CPU flaws.

This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. Microsoft is launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.

The bounty will be open until December 31, 2018. Bounty Tiers:

Tier  Payout (USD)
Tier 1: New categories of speculative execution attacks  Up to $250,000
Tier 2: Azure speculative execution mitigation bypass  Up to $200,000
Tier 3: Windows speculative execution mitigation bypass  Up to $200,000
Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary  Up to $25,000

Tier 1 focuses on new categories of attacks involving speculative execution side channels. Microsoft's Security Research & Defense team has published a blog with additional information.

Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.

Microsoft says it will share, under the principles of coordinated vulnerability disclosure, the research disclosed to them under this program so that affected parties can collaborate on solutions to these vulnerabilities.



Previous
Next
U.S. Sanctions Russian Cyber Actors for Cyber-Attacks        All News        Intel to Bring Hardware-based Protection to Data Center and PC Processors
U.S. Sanctions Russian Cyber Actors for Cyber-Attacks     General Computing News      Peer-to-peer App Kicked off Dofoil Coin Miner Outbreak

Get RSS feed Easy Print E-Mail this Message

Related News
Peer-to-peer App Kicked off Dofoil Coin Miner Outbreak
Telegram Messenger Vulnerability Spread Multipurpose Malware
Google Removed 700,000 Apps From Google Play in 2017
Fake Spectre and Meltdown Patch Pushes Malware
Malware Spread Through PornHub
Cloak and Dagger Security Hole in Android Discovered
Alleged NSA Malware Does Not Affect Microsoft Users
Preinstalled Malware May Be Targeting Your Android Phone
New Mac OS X Malware Steal Passwords, And iPhone Backups
Researchers Say 1 Million Google Accounts Breached by "Gooligan"
Android Devices Vulnerable To Physical RAM Attack
Millions Of Android Devices Infected With Chinese Malware

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .