HomeWinBuzzer NewsMicrosoft Offers $250,000 Bug Bounty for Meltdown and Spectre-like CPU Flaws

Microsoft Offers $250,000 Bug Bounty for Meltdown and Spectre-like CPU Flaws

Microsoft will offer security researchers up to $250,000 for bugs in the same class as Meltdown and Spectre, and up to $200,000 for similar vulnerabilities in its Hyper-V virtualization software.


It's been a few months since serious CPU flaws known as Meltdown and Spectre rocked the tech world. By now, they're strongly mitigated, even if some believe hardware is the only true fix.

However, is worried that's not the end of it. were just two discovered bugs, and there could be more hiding out there. As such, the company is offering $250,000 to anybody who can discover a similar flaw.

The bugs are known as speculative execution side-channel vulnerabilities. In essence, the discovery of Meltdown and Spectre unearthed a whole new category that's yet to be fully explored.

“Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods,” explained Phillip Misner, principal security group manager at Microsoft. “This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.”

Industry Collaboration

Despite this, the company isn't doing it for a leg up over their competitors. Naturally, the fix of any vulnerability makes for a better Windows experience, and Microsoft will be disclosing research to affected parties.

“Speculative execution side channel vulnerabilities require an industry response. To that end, Microsoft will share, under the principles of coordinated vulnerability disclosure, the research disclosed to us under this program so that affected parties can collaborate on solutions to these vulnerabilities. Together with security researchers, we can build a more secure environment for customers.” said Misner.

The bug bounty is split into four tiers. For tier 2, Microsoft is offering $200,000 for speculative execution mitigation bypasses for Azure, and tier 3 is the same but for Windows. Tier 4 has a reward of $25,000 for the of new exploits for known vulnerabilities.

Security researchers can read the full bounty details on TechNet.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News