Digital Trends
Computing

Microsoft will pay you up to $250,000 to find Spectre-like flaws

Mark Coppock
By

If you know how to test hardware and software and how to identify vulnerabilities in them, then there’s some real money to be made. Some manufacturers and developers will pay tons of cash to anyone who can pick out defects in their products that can lead to system breaches — all it takes is some know-how and a little patience. Microsoft is one such company, and it’s now paying up to $250,000 for identifying vulnerabilities related to Meltdown and Spectre.

In case you’ve forgotten, these two vulnerabilities have been causing quite a stir over the last several months. They impact almost all CPUs in use today to one extent or another, including Intel, AMD, and ARM processors going back a decade or so. Fixing the bugs, which involve “speculative execution” that is used to speed up processing, has caused system crashes, reboots, and poor performance, and Intel in particular has struggled to create a stable solution.

Microsoft has now added those kinds of vulnerabilities to its bug bounty program. Phillip Misner, principal security group manager for Microsoft’s security response center, describes the new bounty:

“Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues. Tier 1 focuses on new categories of attacks involving speculative execution side channels.”

There are four tiers in the Speculative Execution Bounty Program, as follows:

  • Tier 1: New categories of speculative execution attacks, up to $250,000
  • Tier 2: Azure speculative execution mitigation bypass, up to $200,000
  • Tier 3: Windows speculative execution mitigation bypass, up to $200,000
  • Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary, up to $25,000

Microsoft will be sharing whatever research is uncovered by the bounty program. This will allow collaboration between all of the involved parties to create solutions to the vulnerabilities and create a more secure environment for users.

If you’re someone who knows how to dig into systems and find flaws, then you’ll want to take a look at Microsoft’s standard terms and conditions for its bug bounty programs. There’s some real money to be made, and so you can gain some financial benefit to go with the good feelings that come with bringing some better security to our computing lives.

Editors' Recommendations

Don't Miss

Windows Update not working after October 2018 patch? Here's how to fix it
Up Next

Documents show Amazon isn’t playing the same game as Netflix, and never was
huawei mate 20 review dt
Mobile

Huawei has a bold Plan B should tensions affect its software relationships

Huawei has its own software for smartphones and computers prepared, should its relationship with Google and Microsoft be adversely affected by ongoing tensions between it and the U.S..
Posted By Andy Boxall
Xbox One S
Gaming

How do the revised Xbox One and PlayStation 4 consoles stack up?

Microsoft's new Xbox One S and Sony's PlayStation 4 "Slim" have bucked the generational gaming console trend. But which of these stopgap systems is worth spending your paycheck on?
Posted By Steven Petite
Crunch Culture | Rockstar Games
Gaming

These are the must-have games that every Xbox One owner needs

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.
Posted By Gabe Gurwin
How to get Microsoft Office for free
Computing

Tired of paying a monthly fee for Word? The best Microsoft Office alternatives

Looking for a competent word processor that isn't Microsoft Word? Thankfully, the best alternatives to Microsoft Office offer robust features, expansive compatibility, and an all-too-familiar aesthetic. Here are our favorites.
Posted By Nick Hastings
YouTube Variable Speed
Computing

Here's how to download a YouTube video to watch offline later

Learning how to download YouTube videos is easier than you might think. There are tools you can use both online and offline. This step-by-step guide will instruct you on how to use them.
Posted By Jon Martindale
RTX 2080
Computing

Nvidia’s rumored 7nm Ampere graphics could debut next week, but not for gamers

Nvidia's next-generation 7nm Ampere graphics could debut as early as next week at the GTC show as part of an effort to catch up to rival AMD, which announced a competing 7nm Radeon GPU earlier this year.
Posted By Chuong Nguyen
skypes new blur background feature could help save your blushes skype
Computing

Latest Skype preview now lets you chat with up to 50 people on a video call

The latest beta version of Skype is introducing an ability to enter a video call with up to 50 people, a change from the current public version which has a maximum limit of 25 participants.
Posted By Arif Bacchus
Gregory Bryant, Intel senior vice president in the Client Computing Group, displays a “Lakefield” reference board during Intel Corporation’s news event at CES 2019 on Jan. 7, 2019, in Las Vegas.
Computing

Intel’s next-gen Comet Lake processors will reportedly arrive with 10 cores

Intel may give its next-generation desktop processor, known by its Comet Lake code name, a maximum of 10 cores, according to code found within the company's Linux drivers. Laptop CPUs will reportedly top out with six cores.
Posted By Chuong Nguyen
ibms scott crowder on the infancy of quantum computers ibm a computer 1
Emerging Tech

It’s not time travel, but scientists can turn back clock on a quantum computer

Physicists have demonstrated that they can wind back the clock on a quantum computer a fraction of a second. Don't get too excited about the prospect of human time travel any time soon, though.
Posted By Luke Dormehl
western digital wd blue sn500 ssd
Computing

Western Digital’s $55 solid-state drive gives new life to your aging PC

Western Digital is hoping that you'll pick up one of its affordable WD Blue SN500 solid-state drives to give your aging PC more storage and a speed boost. WD's NVMe-based drives are up to three times faster than older SATA SSDs.
Posted By Chuong Nguyen
Playing a DVD on Windows 10
Computing

Give your discs some extra life by watching DVDs and Blu-rays on Windows 10

Popped a disc into your Windows machine but feel lost without Media Center? You're not alone. But don't fret, with just a few tips you can learn how to watch DVDs and Blu-rays for free in Windows 10 in no time.
Posted By Jon Martindale
Canon ImageClass MF232W
Deals

Walmart slices price on Canon ImageClass MF232W Wi-Fi laser printer

If you don’t need color printing, a monochrome laser printer like the Canon ImageClass MF232W can save you a lot of time and money. This beefy all-in-one Wi-Fi printer is on sale from Walmart for almost half off, letting you score it for…
Posted By Lucas Coll
Lenovo ThinkPad X1 Carbon (2018) review
Computing

Is 14 inches the perfect size for a laptop? These 4 laptops might convince you

If you're looking for the best 14-inch laptops, there are a number of factors to consider. You want good battery life, an attractive screen, solid performance, and a good build. Our favorites that do all that and more.
Posted By Jon Martindale
best mechanical keyboards corsair k95 2
Gaming

Get Corsair’s best mechanical keyboard at a decent discount

From March 17 to 23, you can get one of the best mechanical keyboards around at a great price. The Corsair K95 RGB Platinum is normally $200, but this week you can pick one up from Amazon for $160.
Posted By Steven Petite