Microsoft is offering up to $250,000 for identifying bugs that are similar to the "Meltdown" and "Spectre" CPU flaws.
The offering is part of Microsoft's new limited-time bounty programme for "speculative execution" side channel vulnerabilities. The bug bounty programme is open till 31 December. Intel recently confirmed a report about a potential security flaw in its chips that is vulnerable to hacking.
According to security researchers, two CPU-level vulnerabilities "Spectre" and "Meltdown" have affected all chips made in the last two decades by Intel, AMD and AMR.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data, which is currently processed on the computer, as highlighted by researchers from Meltdown Attack.
Following the news of the bugs getting out, all major tech players such as Microsoft, Google, Apple, including Intel, released security patches to help protect users from potential data theft.
This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field. In recognition of that threat environment change, we are launching a bounty programme to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues.Microsoft Blog
Experts have stated that the exploits are hard to detect as they do not leave traces of log files. Patches to fix Meltdown have been regularly released by Intel, Microsoft, Google, and Apple, ever since the news broke out.
It’s good to see that Microsoft is offering bounties in order to stop such attacks from taking shape in the first place. With the growing advent of digital devices, it is crucial that major technology brands look to thwart the danger of such mischievous bugs.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)