Speculative Execution Bounty Launch
Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.
Quick Facts:
- Bounty Duration: Open until December 31, 2018
- Full Details: Speculative Execution Bounty Program
- Bounty Terms: Standard terms and conditions apply
- Bounty Tiers: (below)
Tier | Payout (USD) |
Tier 1: New categories of speculative execution attacks | Up to $250,000 |
Tier 2: Azure speculative execution mitigation bypass | Up to $200,000 |
Tier 3: Windows speculative execution mitigation bypass | Up to $200,000 |
Tier 4: Instance of a known speculative execution vulnerability (such as CVE-2017-5753) in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary | Up to $25,000 |
Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues. Tier 1 focuses on new categories of attacks involving speculative execution side channels. To help the community better understand what is currently known amongst the industry, our Security Research & Defense team has published blog with additional information. Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.
Speculative execution side channel vulnerabilities require an industry response. To that end, Microsoft will share, under the principles of coordinated vulnerability disclosure, the research disclosed to us under this program so that affected parties can collaborate on solutions to these vulnerabilities. Together with security researchers, we can build a more secure environment for customers.
Phillip Misner
Principal Security Group Manager
Microsoft Security Response Center