You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Microsoft is dangling some big time payment awards to researchers who are able to find speculative execution flaws that are similar in nature to Spectre and Meltdown. As part of a temporary addition to its bug bounty program, researchers stand to earn up to $250,000 for the discovery of certain vulnerabilities.
"Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues," Microsoft stated in a blog post.
There are four tiers of bugs that Microsoft is interested in, each with a substantial financial award. Here's a breakdown:
- Tier 1: New categories of speculative execution attacks.
- Tier 2: Azure speculation execution mitigation bypass.
- Tier 3: Windows speculative execution mitigation bypass.
- Tier 4: Instance of a known speculative execution vulnerability in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary.
Researchers can earn up to $250,000 for Tier 1 bugs, up to $200,000 for Tiers 2 and 3, and up to $25,000 for Tier 4.
It makes sense that Microsoft would be wiling to pay hefty sums for these types of attacks. The industry at large has been scrambling to deal with Spectre and Meltdown, and in the rush to patch things up, some of the early mitigations have caused problems. Intel, for example, released microcode updates that caused some systems to experience random reboots. Likewise, some of the early patches that Microsoft doled out ended up bricking older AMD PCs.
With its temporarily expanded bug bounty program, Microsoft appears to be trying to get out in front of the situation. The new tiers and payout schedule is open until December 31, 2018.
Intel, meanwhile, is redesigning its future processors to mitigate Spectre and Meltdown specifically. The first of these will be a batch of upcoming 8th generation processors released in the second half of this year, along with next-generation Xeon chips based on Cascade Lake. These will "introduce new levels of protection through partitioning."
