Microsoft is launching a limited-time bounty program for speculative execution side channel vulnerabilities - bugs that are similar to the Meltdown and Spectre CPU flaws.
This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. Microsoft is launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.
The bounty will be open until December 31, 2018. Bounty Tiers:
|Tier 1: New categories of speculative execution attacks||Up to $250,000|
|Tier 2: Azure speculative execution mitigation bypass||Up to $200,000|
|Tier 3: Windows speculative execution mitigation bypass||Up to $200,000|
|Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary||Up to $25,000|
Tier 1 focuses on new categories of attacks involving speculative execution side channels. Microsoft's Security Research & Defense team has published a blog with additional information.
Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.
Microsoft says it will share, under the principles of coordinated vulnerability disclosure, the research disclosed to them under this program so that affected parties can collaborate on solutions to these vulnerabilities.