Black Hat Not that many moons ago, Microsoft was seemingly reluctant to open a bug bounty program. It also once described Linux as a cancer. Now it claims to love Linux, and is offering bounties on bugs. How times change.
On Wednesday, Redmond not only reiterated its offer of oodles of cash in exchange for details of exploitable vulnerabilities in Hyper-V, it went as far as telling hackers the best places to look for lucrative mistakes in its hypervisor software.
In a presentation at this year's Black Hat USA conference in Las Vegas, Microsoft security engineers Joe Bialek and Nicolas Joly spent nearly an hour going through the defense mechanisms and architecture within Hyper-V, and suggesting the best areas to hunt for programming blunders. The Windows hypervisor is also, for what it's worth, documented in various levels of detail here and here and here.
If someone can find a way to exploit Hyper-V, they could be looking at a $250,000 payout – and Bialek said Microsoft would be keen to cough up.
“Finding bugs in Hyper-V is very hard,” he told the crowd, “so we pay out the maximum bounty more often than not for them.”
Microsoft adds all of Windows – including Server – to extended bug bounty programREAD MORE
He advised hackers not to spend too much time on the hypervisor itself. Rather, a much more promising area is the root partition, aka the parent partition, as this has access not only to physical memory, it has control over devices, and is responsible for services used by software in other partitions on the system. What Redmond calls a partition, you could call a virtual machine instance.
The root partition also implements emulated hardware as well as providing paravirtualized networking, storage, video, and PCI devices, which makes it a crucial and inviting component.
The low-level communications channels between partitions and the hypervisor are also worth exploring – particularly the VMBus, which is a high-speed software interface between partitions and the root partition which has all those goodies inside it.
The duo acknowledged there are still a few bugs to be found – all code has flaws, and more than 40 have been discovered in the past year in Hyper-V. There are bounties for all kind of vulnerabilities with the software, with rewards ranging from $5,000 up to the quarter-of-a-million jackpot, and you can check out the full list, here. Good luck. ®