Microsoft has expanded its bug bounty programs to include monetary rewards for vulnerabilities that stem from speculative execution, a feature in modern processors that sits at the core of the Meltdown and Spectre vulnerabilities disclosed this year.
Speculative execution is a performance mechanism based on various algorithms that allow CPUs to guess in advance the path programs will take when they reach conditional branches in their programming. The CPUs will execute instructions down the paths they view as likely to be chosen before the programs actually make a decision. If their guesswork proves incorrect, data resulting from the speculative execution gets discarded and execution continues down the correct path.
The Meltdown and Spectre attacks rely on so-called side-channel techniques to extract data produced by speculative execution before it’s discarded. The researchers who discovered the flaws used CPU cache access times as the side-channel but warned in their paper that other techniques are likely possible.
......
......
......
......
