Microsoft announces $250,000 bounty program for Spectre and Meltdown vulnerabilities

Microsoft yesterday announced a limited time bounty program for speculative execution side channel vulnerabilities. Speculative Execution Side Channels are a hardware vulnerability class that affects CPUs from multiple manufacturers including Intel and AMD. The recent Spectre and Meltdown issues come under this category. Microsoft is announcing this bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this type of issues. Through this program, security researchers can earn up to $250,000 by submitting speculative execution side channel vulnerabilities and mitigation bypasses that affect Microsoft’s latest Windows and cloud platforms. This bounty program will end on December 31, 2018. You can find the bounty details below.

 Tier Payout (USD)
Tier 1: New categories of speculative execution attacks Up to $250,000
Tier 2: Azure speculative execution mitigation bypass Up to $200,000
Tier 3: Windows speculative execution mitigation bypass Up to $200,000
Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary Up to $25,000

Learn more about this program here.

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.