Microsoft Pays Out $100,000 for Windows 8.1 Flaw
That's a lot of moolah.
Cast your mind back to June and you might remember that Microsoft put out a bounty for flaws in Windows 8.1 and Internet Explorer 11. The company promised direct cash payments for those who could provide truly novel exploitation techniques against the protections built into Windows 8.1 Preview. Redmond promised up to $100,000.
Six months down the line, the company is paying the piper. The company updated its BlueHat blog, congratulating James Forshaw for coming up with a new exploitation technique. Forshaw is a security vulnerability researcher with Context Information Security and had already found design-level bugs in IE11 (in other words, this may be the biggest payment he's gotten from Microsoft, but it's not his first).
"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," Microsoft said today. "This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."
Unfortunately, Microsoft won't go into the details of Forshaw's exploit (it has to address the issue first), but the company did say that one of its own engineers also found a variant of this class of attack technique. Microsoft says it's already paid out over $128,000 thanks to its bounty programs. You can check out the guidelines for taking part here.
Follow Jane McEntegart @JaneMcEntegart. Follow us @tomshardware, on Facebook and on Google+.

Agree with the first comment, also:
- no rounded corners for windows
- no tabs for file browser, it's 2013 mind you
- using windows updates it downloads and updates only crippled (no OpenGL) versions of proprietary video drivers
- majority of net cards, wifi dongles, printers, video cards (vesa is your friend right?) etc don't work without installing drivers from disks, so crap out of the box experience after install
- need an antivirus to work unless you will tolerate switching from user account to administrative for installing programs and run some of them. And don't forget to switch off all services that might be used to breach your system, no one wants to be part of botnet (at the very least)
- windows market is useless for real software because of license issues, so you still have to use internet browser to search and install most of the software
- permissions on maximum user amount that can connect to non server version
- console is outdated, you can't do anything with it, you don't even have utilities for the basic stuff
- no way to setup and manage ram disk
- file names aren't case sensitive
- doesn't support other file systems
I am sure there're more but I am fine with $1 100 000.
Yes, I know most of this can be fixed (legally and not) with 3rd party $oftware but other OSes have that for free out of the box. And even though MS copied a lot out there there is still a huge room to grow (copy).
Fixing major security flaws before general release is a bad thing? Or were you referring to the comments section?
Most of the stuff you write there doesn't have anything to do with M$ or is a security flaw.
- No rounded corners -> They change the style as they please. It's not because XP/Vista/7 had rounded corners that it still needs them.
- No tabs -> Depends on what you mean by tabs
- crippled versions of video drivers -> Why would you use windows update for drivers? To get the latest drivers you always go to the manufacturers' site.
- Majority of net cards [...] -> Same as above, the manufacturer's site is the best source for drivers
- Need antivirus to work -> Apparently you never used a good antivirus? A good antivirus does work. Also it is better to use a restricted account instead of an admin account for most things and no one should be admin. When using those 'regular' accounts instead of admin accounts, M$ allows you to enter the admin password with the UAC when the admin permission is needed for a program or something.
- Windows market being useless -> Real software such as Adobe or other stuff have a license for a reason. Open-source programs are never as good as the real but I agree that they are as functional.
- Permission on maximum user amount -> I don't understand that one
- Console is outdated -> I agree. There is however the PowerShell that replaces the basic console.
- No way to setup ram disk -> True
- File names aren't case sensitive -> I agree that they should be.
- Doesn't support other file systems -> Not sure I agree with that one as I haven't tested it but it would surprise me.
Yahoo, I'm looking at you.
With the speed of SSD these days, who needs a RAMdrive? Yes, I used them a lot in the Dos 6.33 days, and into windows 3.11 For Workgroups.
Filename case sensitivity? ROFLMAO. Do you know how much of a frustration that would be for general / casual computer users?
Windows market being useless? Not sure I understand what you are getting at there. The windows market is the largest market around, and most of the software written out in the world is written for the windows market. I'm fairly hard pressed to find software for my Mac / *nix systems that compares to the offerings in the windows market.
I know, the hate flow. I am not using Windows for years already excluding the times when my friends want me to help them. But I never dig too much as I am not interested though even for a little time some things are annoying!
- Round corners look more pleasant - less disturbing, that's why it was good decision for previous MS OS but now they throw it away and you notice this crap. Aero changed and doesn't have nice effect anymore. I'll ask if it's easily changeable but for now it means that default looks ugly.
- No it's not, tabs in file browser can only mean one thing - tabs. It's really annoying that explorer doesn't have such feature in 2013. All good filebrowsers have those for years already.
- Why would MS do it in the first place? Companies tend to do it for preinstall OS and this is default feature MS pushes to you. Most of my friends are in 3D stuff and when Windows gladly installed drivers for videocard they get happy but when they opened their programs they became sad. It was 7 but I am sure 8 is no better in this department.
- Uh, no. Why do some OSes already have drivers for huge spectrum of hardware parts and peripherals? They already have those drivers. I can understand closed source but almost all drivers excluding videocards and some wifi chips have them opened. Windows weights so much yet propose so little.
- No, if user is under admin and have antivirus and firewall enabled he can still install bad software and help some botnet doing things. I was solving such issues, they do exist because user knows that there're some programs (or some parts of them) that will interfere with defence program but are needed. So if Windows asks for permission and defence program (no matter how good) asks what to do with it they say "pass it, I need this program". No one is crippling your files, those days are gone, right now your pc is either helping so crack some passwords, used for DDoS attack or bitcoin mining.
"When using those 'regular' accounts instead of admin accounts, M$ allows you to enter the admin password with the UAC when the admin permission is needed for a program or something." Including installing programs?
Yes, people should use user account for doing things and not install some crap. And I believed some long time ago that all humans are smart PC users, they're not, even in 2013 they do those stupid mistakes.
- Opensource is majority, and almost all small but useful programs are both opened and free. The latter doesn't matter for the market but the first one should be enough to include it. Not much is included though. They try babysteps in repository direction in 2013 *facepalm*
- It means only set count of users can simultaneously connect to your pc. They also have different numbers for printers and everything else. That's how they sell their Server editions to people who is not using Windows infrastructure and need it just for a few Windows-only programs on virtual machine. If you 'hack' Windows you can surely have those features but it is as illegal as pirating, there is no difference by the law.
- Console. That's why I said that most of those features can be installed later but such thing is too useful not include it, even though it can't hold a candle to simplicity of other OSes applied to it it should be there by default because otherwise it tends to complicate some things.
- No other FS aside from FAT and NTFS is supported. You can use ext3 through very crap means to the point it's unusable and that's all I can remember.
@Rhinofart
I am not talking about RAMDrive, those things were always expensive. I am talking about using your RAM as a drive, it's useful on many occasions including usage with SSD.
There is no frustration, this feature is natural. Just because Microsoft taught that it's not doesn't mean they stand true.
I am not sure what software are you talking about but *nix systems have a lot of only *nix software, obviously finding the same one for Windows would be nigh to impossible. But some simple software that was tested by enterprise companies is in *nix and free while Windows have "who knows?" who wrote the software, made it closed source (possible trojan?) and charged some money even though it has a lot of bugs that *nix counterpart doesn't have. Using RAM as file system is a good example.