Microsoft asks – can you find new threats exploiting CPU vulnerabilities?
The other day Microsoft launched the Speculative Execution Side Channel Bounty Program. It began on March 14, 2018, and will run through December 31, 2018.
Microsoft offers an ample reward to anyone who can use CPU vulnerabilities (speculative execution side-channel vulnerabilities / Meltdown and Spectre on Windows platforms) to compromise the latest Windows and Microsoft cloud platforms with all supported mitigations in the latest builds enabled. A submission must fulfill the following criteria:
· Reliable: it must have a low probability of failure.
· Reasonable: it must have reasonable requirements and pre-requisites.
· Impactful: it must enable a security vulnerability (e.g. Information Disclosure) across a trust boundary.
· Latest Version: it must be applicable to the latest version of our products on the date the entry is submitted with all relevant protections enabled.
· Novel: it must be a distinct method that has not been described in prior works and is not known to Microsoft or industry partners.
If this is what you want to do this weekend, please be sure to check all the details about the program here (there is also a link to an overview of all ongoing Microsoft Bounty Programs):
https://technet.microsoft.com/en-us/security/mt846432/
You can read about Meltdown and Spectre here:
https://meltdownattack.com/