Microsoft awards $100,000 to single researcher in Windows 8.1 bounty program
Microsoft has awarded $100,000 to James Forshaw, a security researcher at Context Information Security, for coming up with a new exploitation technique that gets around the built-in protections of Windows 8.1. The announcement was made on Microsoft's BlueHat blog and marks the second payout since the company kicked off its first bounty programs earlier this year; the first involved IE 11 and totaled $28,000 paid out to six security researchers.
The company isn't detailing the exploit until it is fully addressed. Coincidentally, Microsoft notes that one of its own engineers found a variant of the attack that Forshaw reported, but Forshaw's submission “was of such high quality and outlined some other variants” that the company thought it deserved the maximum payment for new attack techniques.
Forshaw was also among the group of researchers who cashed in on the IE11 Preview Bug Bounty, bringing his total earnings up to $109,400. Not a bad week indeed. The Australian researcher has been credited with identifying several dozen software security bugs at similar events, including a $20,000 bounty from HP’s TippingPoint for exploiting Oracle's Java software at Pwn2Own.
Microsoft explains that payouts for new mitigation bypass techniques are far more generous than traditional bug exploits because learning about them helps the company develop defenses against entire classes of attack.
Commenting on the approach, Context Security’s Forshaw said, “Microsoft’s Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offense to defense. It incentivizes researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count.”
The company is also running a separate program called BlueHat Bonus for Defense that will award up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission.