Microsoft rewards hacker for discovering Windows 8.1 security issues

PUBLISHED BY
Richard Meryn



TAGS:


8 years ago




Microsoft Corp. Headquarters

Microsoft Corp. Headquarters

Most tech companies will hand out a “bug bounty” to the first person who reports a particular security flaw. Microsoft’s Mitigation Bypass Bounty operates in a different way altogether. In order to contend the $100,000 reward, a security researcher must exhibit a brand new exploitation technique that’s competent against the recent version of Windows. Within three months of announcing this program, Microsoft on Tuesday made its first $100,000 award.

Microsoft rewards hacker who is a well-known British hacking expert more than $100,000 for discovering security holes in its software, one of the biggest bounties awarded to date by a tech company.

The company also released the much awaited update to Internet Explorer, which it said fixes a bug that made users of the browser assailable to remote attack.

James Forshaw, who heads vulnerability research at British consulting firm Context Information Security, won Microsoft’s first $US100,000 ($106,000) bounty for identifying a new “exploitation technique” around the built-in protections of Windows 8.1 security issues, which will allow it to build defences against an entire class of attacks, the company said. He is a regular presenter at security conferences and is the author of the network attack tool Canape.

The Microsoft rewards hacker $100,000 not for each bug identified, but for discovering classes of bugs that will allow Microsoft windows security issues to develop defences against varied attacks. Microsoft windows security issues isn’t divulging any information about what Forshaw was able to find, except to say that the discovered path could bypass system-level defences, like Data Execution Prevention, which is mainly used in modern operating systems to stop the execution of code from non-executable memory

So as far as the big pay out offered, “The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defences against entire classes of attack,” says Katie Moussouris, Microsoft’s senior security strategist. “This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.”

In the last two months, Microsoft windows security issues has so far handed out over $128,000 to security researchers who have found flaws in Windows and Internet Explorer. The Microsoft Rewards Hacker ranging from $500 to $5500. Forshaw was also paid another $9,400 for identifying bugs in the latest version of Internet Explorer.

Richard Meryn
Richard Meryn, Associate Editor Industry Leaders Magazine (www.industryleadersmagazine.com)

Recent Posts

Evergrande: A black swan event that could spook markets

Evergrande: A black swan event that could spook markets

EverGrande is now known as the “world’s most indebted property developer” and serves as a symbol of corporate excess.
11 hours ago
Moderna vaccine more effective than Pfizer, study says

Moderna vaccine more effective than Pfizer, study says

Moderna’s Covid-19 vaccine does a slightly better job of preventing coronavirus-related hospitalizations and emergency department visits.
2 days ago
iPhone 13 and iPhone 13 Pro: Specifications, Release Date, Features and much more

iPhone 13 and iPhone 13 Pro: Specifications, Release Date, Features and much more

Apple iPhone 13 Pro and iPhone 13 Pro Max can be a hit with its ever new technology A15 Bionic chip and other cool profound features.
4 days ago
Total signs $27 billion energy deal to fund 1-gigawatt solar power plant

Total signs $27 billion energy deal to fund 1-gigawatt solar power plant

The French oil major, Total, has signed a $27 billion deal to fund a 1-gigawatt solar power plant, and boost oil and gas production in the Middle-East region.
4 days ago
PMI seals $1.51 billion takeover of British inhalation specialist Vectura

PMI seals $1.51 billion takeover of British inhalation specialist Vectura

Philip Morris International (PMI) acquires a 22.6% stake in British inhalation specialist Vecutra closing in on the controversial $1.51 billion takeover.
5 days ago
Apple co-founder Steve Wozniak joins the space race

Apple co-founder Steve Wozniak joins the space race

Wozniak, popularly known as “Woz”, is setting up a private space company with Ripcord co-founder Alex Fielding. In a tweet, Wozniak shared a promotional video for the company c
6 days ago