Microsoft to hackers: Finding Hyper-V bugs is hard. Change my mind. PS: Here's a head start...

Prove us wrong, kids, and bag $250,000

Black Hat Not that many moons ago, Microsoft was seemingly reluctant to open a bug bounty program. It also once described Linux as a cancer. Now it claims to love Linux, and is offering bounties on bugs. How times change.

On Wednesday, Redmond not only reiterated its offer of oodles of cash in exchange for details of exploitable vulnerabilities in Hyper-V, it went as far as telling hackers the best places to look for lucrative mistakes in its hypervisor software.

In a presentation at this year's Black Hat USA conference in Las Vegas, Microsoft security engineers Joe Bialek and Nicolas Joly spent nearly an hour going through the defense mechanisms and architecture within Hyper-V, and suggesting the best areas to hunt for programming blunders. The Windows hypervisor is also, for what it's worth, documented in various levels of detail here and here and here.

If someone can find a way to exploit Hyper-V, they could be looking at a $250,000 payout – and Bialek said Microsoft would be keen to cough up.

“Finding bugs in Hyper-V is very hard,” he told the crowd, “so we pay out the maximum bounty more often than not for them.”

Microsoft adds all of Windows – including Server – to extended bug bounty program


He advised hackers not to spend too much time on the hypervisor itself. Rather, a much more promising area is the root partition, aka the parent partition, as this has access not only to physical memory, it has control over devices, and is responsible for services used by software in other partitions on the system. What Redmond calls a partition, you could call a virtual machine instance.

The root partition also implements emulated hardware as well as providing paravirtualized networking, storage, video, and PCI devices, which makes it a crucial and inviting component.

The low-level communications channels between partitions and the hypervisor are also worth exploring – particularly the VMBus, which is a high-speed software interface between partitions and the root partition which has all those goodies inside it.

The duo acknowledged there are still a few bugs to be found – all code has flaws, and more than 40 have been discovered in the past year in Hyper-V. There are bounties for all kind of vulnerabilities with the software, with rewards ranging from $5,000 up to the quarter-of-a-million jackpot, and you can check out the full list, here. Good luck. ®

Other stories you might like

  • Microsoft unveils Android apps for Windows 11 (for US users only)

    Windows Insiders get their hands on the Windows Subsystem for Android

    Microsoft has further teased the arrival of the Windows Subsystem for Android by detailing how the platform will work via a newly published document for Windows Insiders.

    The document, spotted by inveterate Microsoft prodder "WalkingCat" makes for interesting reading for developers keen to make their applications work in the Windows Subsystem for Android (WSA).

    WSA itself comprises the Android OS based on the Android Open Source Project 1.1 and, like the Windows Subsystem for Linux, runs in a virtual machine.

    Continue reading
  • Software Freedom Conservancy sues TV maker Vizio for GPL infringement

    Companies using GPL software should meet their obligations, lawsuit says

    The Software Freedom Conservancy (SFC), a non-profit which supports and defends free software, has taken legal action against Californian TV manufacturer Vizio Inc, claiming "repeated failures to fulfill even the basic requirements of the General Public License (GPL)."

    Member projects of the SFC include the Debian Copyright Aggregation Project, BusyBox, Git, GPL Compliance Project for Linux Developers, Homebrew, Mercurial, OpenWrt, phpMyAdmin, QEMU, Samba, Selenium, Wine, and many more.

    The GPL Compliance Project is described as "comprised of copyright holders in the kernel, Linux, who have contributed to Linux under its license, the GPLv2. These copyright holders have formally asked Conservancy to engage in compliance efforts for their copyrights in the Linux kernel."

    Continue reading
  • DRAM, it stacks up: SK hynix rolls out 819GB/s HBM3 tech

    Kit using the chips to appear next year at the earliest

    Korean DRAM fabber SK hynix has developed an HBM3 DRAM chip operating at 819GB/sec.

    HBM3 (High Bandwidth Memory 3) is a third generation of the HBM architecture which stacks DRAM chips one above another, connects them by vertical current-carrying holes called Through Silicon Vias (TSVs) to a base interposer board, via connecting micro-bumps, upon which is fastened a processor that accesses the data in the DRAM chip faster than it would through the traditional CPU socket interface.

    Seon-yong Cha, SK hynix's senior vice president for DRAM development, said: "Since its launch of the world's first HBM DRAM, SK hynix has succeeded in developing the industry's first HBM3 after leading the HBM2E market. We will continue our efforts to solidify our leadership in the premium memory market."

    Continue reading

Biting the hand that feeds IT © 1998–2021