“In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues,” Phillip Misner, principal security group manager at Microsoft, said in a post.
Microsoft spectre meltdown software#
Microsoft, for its part, has worked to release firmware and software updates for its devices featuring these CPUs. These security flaws impact processors across the board, including Intel, ARM and AMD. The vulnerabilities were thrust into the spotlight in January after it was disclosed that there are three variants of the issue, dubbed Spectre and Meltdown, that could potentially enable hackers to access users’ data. Speculative execution side channels are a hardware vulnerability class that affects CPUs from multiple manufacturers.
The limited time program is open until December 31, and offers up to $250,000 for identifying new categories of speculative execution attacks that Microsoft and other industry partners are not yet aware of. In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities.
0 kommentar(er)
