Microsoft is looking to head off the next Meltdown or Spectre-like vulnerabilities with a lucrative new bug bounty program. The company announced this week that it will pay up to $250,000 for the discovery of new speculative execution side channel vulnerabilities, the same class of vulnerability that includes the Meltdown and Spectre exploits disclosed in January.
"Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods," says Philip Misner, a security group manager at Microsoft's Security Response Center. "This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues."
The company is offering rewards of varying payouts across four tiers.
- Tier 1: New categories of speculative execution attacks - Up to $250,000
- Tier 2: Azure speculative execution mitigation bypass - Up to $200,000
- Tier 3: Windows speculative execution mitigation bypass - Up to $200,000
- Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary - Up to $25,000
Given the severity of Meltdown and Spectre, it's not surprising that Microsoft would offer significant bounties for the discovery of related vulnerabilities. The company says that speculative execution side channel vulnerabilities "require an industry response," and that it will share any vulnerabilities disclosed through the program with affected parties so that they can collaborate on a solution.
Microsoft has been active in responding to Meltdown and Spectre, first issuing an emergency Windows update not long after the vulnerabilities were disclosed. Microsoft is now helping to distribute Intel's microcode updates through its update catalog as well. For its part, Intel just announced that it is redesigning its upcoming processors to guard against two of the exploit variants at the hardware level.
We may earn a commission for purchases using our links. Learn more.
Review: HP Spectre x360 14 brings the best of Spectre all into one laptop
If you take the best of HP's premium Spectre line of Ultrabooks and put it all into one laptop, you get the new Spectre x360 14. With incredible audio, an OLED display option, a pen in the box, and all the latest Intel 11th Gen features, the Spectre x360 14 is our top 2-in-1 for a good reason. Read our full review to find out why.
Join us LIVE for the Windows Central Video Podcast today at 2:30PM ET
We're LIVE with the Windows Central Video Podcast today at 2:30pm ET, make sure you're there!
Xbox Live Gold just became the worst deal in gaming
Over the past year, Microsoft phased out the 12-month $60 Xbox Live Gold option, cutting the amount of time you get for $60 in half. What is Microsoft up to here?
Best Official Minecraft Merchandise, Toys, and Gifts in 2021
Minecraft has evolved into a globally-loved gaming phenomenon, and over time, the franchise has become the subject of a lot of high-quality official merchandise. Here are some of our favorites.