Follow us:

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Janet I. Tu.

October 8, 2013 at 11:41 AM

Microsoft pays researcher $100,000 bounty for finding way around Windows 8.1 protections

In June, Microsoft announced it would be awarding money to people who come up with truly novel ways of getting around the protections in Windows 8.1 Preview, and to those who can find critical vulnerabilities in Internet Explorer 11 Preview.

Today, the company announced it’s awarding $100,000 to James Forshaw, a security vulnerability researcher with Context Information Security. Forshaw was awarded the Mitigation Bypass Bounty for coming up with a new exploitation technique around the protections in Windows 8.1 Preview.

(“Mitigation bypasses” are techniques of going around the protections in a system.)

Microsoft said it couldn’t offer details of the new mitigation bypass technique until the company addresses it.

Katie Moussouris, senior security strategist lead with Microsoft Trustworthy Computing, did say in a statement: “We’re thrilled to receive this qualifying Mitigation Bypass Bounty submission within the first three months of our bounty offering. James’ entry will help us improve our platform-wide defenses and ultimately improve security for customers, as it allows us to identify and protect against an entire class of issues.”

Forshaw was already among those who won part of the $28,000 bug bounty awarded for finding IE11 Preview vulnerabilities.

Microsoft said it pays a much higher bounty for a new attack technique versus for an individual bug because “learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack.”

The IE11 Preview Bug Bounty program is now closed, but the Mitigation Bypass Bounty program and a BlueHat Bonus for Defense program for defensive ideas that block a qualifying mitigation bypass submission are ongoing.

0 Comments | More in Microsoft | Topics: internet explorer 11, mitigation bypass, security

COMMENTS

READER NOTE: Our commenting system has changed. Find out more.

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.


Advertising
The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►