Microsoft Pays Out $100,000 for Windows 8.1 Flaw

Cast your mind back to June and you might remember that Microsoft put out a bounty for flaws in Windows 8.1 and Internet Explorer 11. The company promised direct cash payments for those who could provide truly novel exploitation techniques against the protections built into Windows 8.1 Preview. Redmond promised up to $100,000.

Six months down the line, the company is paying the piper. The company updated its BlueHat blog, congratulating James Forshaw for coming up with a new exploitation technique. Forshaw is a security vulnerability researcher with Context Information Security and had already found design-level bugs in IE11 (in other words, this may be the biggest payment he's gotten from Microsoft, but it's not his first).

"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," Microsoft said today. "This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."

Unfortunately, Microsoft won't go into the details of Forshaw's exploit (it has to address the issue first), but the company did say that one of its own engineers also found a variant of this class of attack technique. Microsoft says it's already paid out over $128,000 thanks to its bounty programs. You can check out the guidelines for taking part here.

Follow Jane McEntegart @JaneMcEntegart.

  • rantoc
    Having by far the hugest OS market share also makes for the biggest target, as it's less of a benefit to hack a small market share OS. It has sadly been proven over and over that many don't care as much about it since it's so infrequent (security through low market share isn't security!). Good to see that MS places security high on the priority list.
    10
  • wiinippongamer
    Metro. Where do I claim my 100k?
    8
  • JackFrost860
    I hope his employer did not claim the money off him for work done on company time ;)
    7
  • DjEaZy
    ... Microsoft Pays Out $100,000 for Windows 8.1 Flaw... the OS is a flaw... showmethemoney [starcraft cheat]...
    -9