Microsoft awards $374k in bounties for Azure Sphere Security Research Challenge
Published on October 7, 2020
Since 2003, October has been recognized as National Cybersecurity Awareness Month. After a three-month research challenge that ran into the beginning of October, Microsoft awarded $374,300 to the global IoT security research community for finding vulnerabilities in Azure Sphere.
In what Microsoft dubbed the Azure Sphere Security Research Challenge, 70 researchers from 21 countries gathered to surface security exploits in the company’s Azure Sphere. Over the course of 90 days, the researchers found 40 exploits, 20 of which were considered “Critical or Important severity security vulnerabilities.”
According to the Microsoft Security Response Center blog, the company split the bounties into two high-priority research scenarios focused on the core of the Azure Sphere OS and six general scenarios across various levels of the Azure Sphere OS. In the end, Microsoft awarded the $374,300 in bounties across 16 eligible reports.
“Many of the vulnerabilities found during the research challenge were novel and high impact and led to major security improvements for Azure Sphere in their 20.07, 20.08 and the latest 20.09 updates, which have been automatically pushed to Azure Sphere devices that are connected to the internet to help secure Azure Sphere customers. Security researchers from McAfee ATR and Cisco Talos reported some of the highest impact vulnerabilities in Azure Sphere, especially a full attack chain developed by McAfee ATR that exposed a weakness in the cloud and multiple weaknesses on the device including a previously unknown Linux kernel vulnerability.”
More details on the specific vulnerabilities and the techniques researchers used during the bounty program can be found on Microsoft’s Azure Sphere team blog, here.
Microsoft’s Azure Sphere represents much of the company’s effort in IoT, and with new devices and sensors that make use of IoT platforms coming online daily, we should expect to see more dedicated bounty programs pop up throughout the year.
Kareem Anderson
Networking & Security Specialist
Kareem is a journalist from the Bay Area, now living in Florida. His passion for technology and content creation is unmatched, driving him to create well-researched articles and incredible YouTube videos.
He is always on the lookout for everything new about Microsoft, focusing on making easy-to-understand content and breaking down complex topics related to networking, Azure, cloud computing, and security.