Microsoft Pays Out First $100,000 Bounty For Finding Windows 8.1 Bug
Today, Microsoft announced that one researcher, James Forshaw, has been awarded a whopping $100,000 for finding and reporting a new mitigation bypass exploit in Windows 8.1.
James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft’s first US$100,000 bounty for identifying a new “exploitation technique” in Windows. The submission will allow Microsoft to develop defenses against an entire class of attacks, the software maker said on Tuesday.
Forshaw earned another US$9,400 for identifying security bugs in a preview release of Microsoft’s Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog post.
“Coincidentally, one of our brilliant engineers at Microsoft, Thomas Garnier, had also found a variant of this class of attack technique. Microsoft engineers like Thomas are constantly evaluating ways to improve security, but James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty,” Microsoft explained.
Microsoft has now paid out over $128,000 in bug bounties. Six “very smart people” received the prizes, said Moussouris.
Not all of them kept the cash. Ivan Fratric of the Google security team was awarded $1,100 for finding an Internet Explorer 11 (IE 11) bug, but donated it to the Save the Children Fund. Fermin Serna, also from Google, donated the $500 he was awarded for finding a bug in the IE 11 Preview release to the Seattle Humane Society.