Thursday, March 28, 2024
Search
  
Thursday, March 15, 2018
 Microsoft Launches $250,000 Security Bounty
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail: * Required!
Recipient (e-mail): *
Subject: *
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
 
Message Text:

Microsoft is launching a limited-time bounty program for speculative execution side channel vulnerabilities - bugs that are similar to the Meltdown and Spectre CPU flaws.

This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. Microsoft is launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.

The bounty will be open until December 31, 2018. Bounty Tiers:

Tier  Payout (USD)
Tier 1: New categories of speculative execution attacks  Up to $250,000
Tier 2: Azure speculative execution mitigation bypass  Up to $200,000
Tier 3: Windows speculative execution mitigation bypass  Up to $200,000
Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary  Up to $25,000

Tier 1 focuses on new categories of attacks involving speculative execution side channels. Microsoft's Security Research & Defense team has published a blog with additional information.

Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.

Microsoft says it will share, under the principles of coordinated vulnerability disclosure, the research disclosed to them under this program so that affected parties can collaborate on solutions to these vulnerabilities.

 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2024 - All rights reserved -
Privacy policy - Contact Us .