Microsoft is now basically acknowledging this by launching a new bug bounty program, rewarding anyone who finds Meltdown, Spectre or other similar vulnerabilities. Microsoft also refers to these as as speculative execution side channel vulnerabilities,.
You could make up to $250,000 by squashing security bugs
Microsoft is paying from $5,000 up to $250,000 depending on the severity of the vulnerability. Find below the criteria that you need to meet when discovering new vulnerabilities:
A novel category or exploit method for a Speculative Execution Side Channel vulnerability. A novel method of bypassing a mitigation imposed by a hypervisor, host or guest using a Speculative Execution Side Channel attack. For example, this could include a technique that can read sensitive memory from another guest. A novel method of bypassing a mitigation imposed by Windows using a Speculative Execution Side Channel attack. For example, this could include a technique that can read sensitive memory from the kernel or another process. A novel method of bypassing a mitigation imposed by the Microsoft Edge using a Speculative Execution Side Channel attack. For example, this could include a technique that can read sensitive memory from the Microsoft Edge content.
You have time until the end of 2018. Microsoft said the following: Speaking of security breaches, Intel recommends you shouldn’t install Spectre and Meltdown patches until everything is fixed. And if you’re worried, you could download this tool to see if your computer is vulnerable to these threats.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
