


Microsoft bug bounty program offers up to $250,000 for vulnerabilities like Meltdown and Spectre

Microsoft is looking to head off the next Meltdown or Spectre-like vulnerabilities with a lucrative new bug bounty program. The company announced this week that it will pay up to $250,000 for the discovery of new speculative execution side channel vulnerabilities, the same class of vulnerability that includes the Meltdown and Spectre exploits disclosed in January.

"Speculative execution is truly a new form of vulnerabilities, and we expect that enquiry is already underway exploring new attack methods," says Philip Misner, a security group director at Microsoft's Security Response Center. "This compensation program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues."

The company is offering rewards of varying payouts across 4 tiers.

  • Tier 1: New categories of speculative execution attacks - Up to $250,000
  • Tier 2: Azure speculative execution mitigation bypass - Up to $200,000
  • Tier 3: Windows speculative execution mitigation bypass - Up to $200,000
  • Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary - Up to $25,000

Given the severity of Meltdown and Spectre, it's not surprising that Microsoft would offer significant bounties for the discovery of related vulnerabilities. The company says that speculative execution side channel vulnerabilities "require an industry response," and that it will share any vulnerabilities disclosed through the program with affected parties so that they can collaborate on a solution.

Microsoft has been active in responding to Meltdown and Spectre, first issuing an emergency Windows update not long after the vulnerabilities were disclosed. Microsoft is now helping to distribute Intel's microcode updates through its update catalog as well. For its part, Intel just announced that it is redesigning its upcoming processors to guard against two of the exploit variants at the hardware level.


Source: https://www.windowscentral.com/microsoft-bug-bounty-program-offers-250000-vulnerabilities-meltdown-and-spectre

Posted by: ouelletteoncely.blogspot.com
