Microsoft announces $250,000 bounty program for Spectre and Meltdown vulnerabilities

Microsoft yesterday announced a limited-time bounty program for speculative execution side channel vulnerabilities. Speculative execution side channels are a hardware vulnerability class that affects CPUs from multiple manufacturers, including Intel and AMD. The recent Spectre and Meltdown issues fall under this category. Microsoft is launching the program to encourage research into this new vulnerability class and into the mitigations Microsoft has put in place against it. Through the program, security researchers can earn up to $250,000 by submitting speculative execution side channel vulnerabilities and mitigation bypasses that affect Microsoft’s latest Windows and cloud platforms. The bounty program will end on December 31, 2018. The bounty details are below.

 Tier  Payout (USD)
Tier 1: New categories of speculative execution attacks  Up to $250,000
Tier 2: Azure speculative execution mitigation bypass  Up to $200,000
Tier 3: Windows speculative execution mitigation bypass  Up to $200,000
Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary  Up to $25,000

Learn more about this program here.
