Microsoft yesterday announced a limited time bounty program for speculative execution side channel vulnerabilities. Speculative Execution Side Channels are a hardware vulnerability class that affects CPUs from multiple manufacturers including Intel and AMD. The recent Spectre and Meltdown issues come under this category. Microsoft is announcing this bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this type of issues. Through this program, security researchers can earn up to $250,000 by submitting speculative execution side channel vulnerabilities and mitigation bypasses that affect Microsoft’s latest Windows and cloud platforms. This bounty program will end on December 31, 2018. You can find the bounty details below.
|Tier 1: New categories of speculative execution attacks||Up to $250,000|
|Tier 2: Azure speculative execution mitigation bypass||Up to $200,000|
|Tier 3: Windows speculative execution mitigation bypass||Up to $200,000|
|Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary||Up to $25,000|
Learn more about this program here.