Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Microsoft Willing to Pay Up to $250,000 for Meltdown and Spectre Exploits
#1
http://news.softpedia.com/news/microsoft...0246.shtml      Microsoft Willing to Pay Up to $250,000 for Meltdown and Spectre Exploits
New bug bounty program for speculative execution
Mar 15, 2018 11:00 GMT  ·  By Bogdan Popa ·  Share:      
Microsoft has already patched Meltdown and Spectre hardware vulnerabilities, and while the company says that more mitigations would launch in the coming months, it’s also trying to make sure that no exploits would target its users.

As a result, the software giant is launching a speculative execution bounty program with huge payments for whoever finds new bugs and discloses them to Microsoft.

For example, the Tier 1 section includes new categories of speculative execution attacks, and can bring a financial reward of no less than $250,000, while those qualifying for Tier 2 and Tier 3, which refer to Azure speculative execution mitigation bypass and Windows speculative execution mitigation bypass, respectively, can earn up to $200,000.

And last but not least, researchers who disclose an instance of a known speculative executive vulnerability in Windows 10 or Microsoft Edge with the disclosure of sensitive information across a trust boundary are eligible for a $25,000 bounty.

“Speculative execution side channel vulnerabilities require an industry response.  To that end, Microsoft will share, under the principles of coordinated vulnerability disclosure, the research disclosed to us under this program so that affected parties can collaborate on solutions to these vulnerabilities.  Together with security researchers, we can build a more secure environment for customers,” Microsoft says.

Running through December 31
The new bug bounty program kicked off on March 14 and will be running through December 31, and Microsoft says that if any exploits are discovered, all details will be shared with other companies to deliver protections for all customers.

This good guy approach shows that such hardware vulnerabilities are treated with maximum priority by Microsoft and its partners, though the software giant is one of the first companies launching a bug bounty program for speculative executive exploits.

You can find the full details of the new bug bounty program here, and make sure you read the full terms of service to find out what you need to qualify for a financial reward.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws Bjyda 0 1,079 03-28-2021 , 12:06 PM
Last Post: Bjyda
  Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits tarekma7 0 1,227 03-12-2021 , 04:13 PM
Last Post: tarekma7
  Malware Exploits Security Teams' Greatest Weakness: Poor Relationships With Employees Bjyda 0 1,058 02-16-2021 , 09:15 PM
Last Post: Bjyda
  Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs mrtrout 0 1,117 11-23-2020 , 12:48 AM
Last Post: mrtrout
  Chinese APT10 hackers use Zerologon exploits against Japanese orgs mrtrout 0 999 11-18-2020 , 10:50 PM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)