Spectre and Meltdown security exploits have caused a lot of problem for Intel leaving millions of devices using Intel chips vulnerable to these exploits. While Microsoft has rolled out patches for these exploits but, is also offering up to $250,000 Bounty to those who report any new bugs or exploits related to Spectre.
However, the reward that you might earn will be based on the Tier of the Bug or exploit. Tier 1 includes speculative execution attacks and reporting these will net you $250,000.
Tier 2 includes Azure speculative execution mitigation bypass and Tier 3 represents Windows speculative execution mitigation bypass both of these can earn you up to $200,000.
Furthermore, the researchers who report a known speculative executive vulnerability in Wind 10 or Microsoft Edge along with the disclosure of the sensitive details regarding the exploit will earn $25,000 bounty.
Speculative execution side channel vulnerabilities require an industry response. To that end, Microsoft will share, under the principles of coordinated vulnerability disclosure, the research disclosed to us under this program so that affected parties can collaborate on solutions to these vulnerabilities. Together with security researchers, we can build a more secure environment for customers
This bounty program from Microsoft will continue until December 31 and Microsoft has noted that any new Spectre exploit discovered will be shared with other companies as well.
In related news, Spectre-like exploits have been discovered for AMD CPUs and according to the report, virtually all AMD CPU are vulnerable to these exploits.
An Israeli security firm has published a document detailing 13 critical Spectre-like security flaws to which Ryzen Workstation, Ryzen Pro, Ryzen Mobile, and EPYC processors are vulnerable. These security flaws are code-named Masterkey, Ryzenfall, Fallout, and Chimera.
However, these exploits might not be as effective as the CTS Lab is making them out to be and quite possibly be fake altogether due to the fact that the firm didn’t share any proof-of-concept in the report.
However, according to the firm itself, they sent out the proof-of-concept for the Spectre-like exploits to not only AMD but to other major tech companies.