Microsoft Pays $100,000 Bounty For Windows 8.1 Exploit Discovery

Microsoft pledged to offer researchers and software developers up to $100,000 if they were able to find various exploits in its new Windows 8.1 operating system. Engadget reports that Microsoft has duly delivered and has just forked out a hefty $100,000 to a software technology specialist for discovering a major security exploit in Windows 8.1. The $100K was paid to James Forshaw of Context Information Security for discovering a defence circumvention technique which Microsoft says wasn’t just a single bug but a whole class of security threat meaning that it can be replicated in many different ways. Microsoft won’t disclose details on the exploit until it develops a fix, to protect Windows 8.1 users from malicious attacks.

“The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.”

More details are available here.

Image courtesy of Microsoft