Microsoft pays you $250,000 to find bugs in its programs

Radu Tyrsina By: Radu Tyrsina
2 minute read

It’s a well known thing that Windows has countless security problems. Even here, at WindowsReport, we write almost weekly about various KB bugs and other vulnerabilities.

Microsoft is now basically acknowledging this by launching a new bug bounty program, rewarding anyone who finds Meltdown, Spectre or other similar vulnerabilities. Microsoft also refers to these as as speculative execution side channel vulnerabilities,.

You could make up to $250,000 by squashing security bugs

Microsoft is paying  from $5,000 up to $250,000 depending on the severity of the vulnerability. Find below the criteria that you need to meet when discovering new vulnerabilities:

  • A novel category or exploit method for a Speculative Execution Side Channel vulnerability.
  • A novel method of bypassing a mitigation imposed by a hypervisor, host or guest using a Speculative Execution Side Channel attack. For example, this could include a technique that can read sensitive memory from another guest.
  • A novel method of bypassing a mitigation imposed by Windows using a Speculative Execution Side Channel attack. For example, this could include a technique that can read sensitive memory from the kernel or another process.
  • A novel method of bypassing a mitigation imposed by the Microsoft Edge using a Speculative Execution Side Channel attack. For example, this could include a technique that can read sensitive memory from the Microsoft Edge content.

You have time until the end of 2018. Microsoft said the following:

“Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.”

Speaking of security breaches, Intel recommends you shouldn’t install Spectre and Meltdown patches until everything is fixed. And if you’re worried, you could download this tool to see if your computer is vulnerable to these threats.

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

Discussions

Next up

Mozilla adds alerts about recently breached sites into Firefox browser

Giles Ensor avatar. By: Giles Ensor
3 minute read

Firefox has announced that it will start to warn users if they visit any breached sites. This is in an attempt to not only make […]

Continue Reading

More uncertainty for Microsoft’s Windows 10 October Update

Giles Ensor avatar. By: Giles Ensor
3 minute read

Oh dear. It’s been a pretty bad month for Microsoft concerning its Windows 10 October 1809 Update release. Microsoft eventually released the update a couple […]

Continue Reading

Confirmed: Microsoft now accepting ARM64 apps on its Store

Giles Ensor avatar. By: Giles Ensor
2 minute read

Yesterday, Microsoft released Visual Studio 15.9. With it came the announcement that “developers now have the officially supported SDK and tools for creating 64-bit ARM […]

Continue Reading