Microsoft pays out $100K for new exploit technique

British hacker James Forshaw

One plucky hacker has earned a massive payday courtesy of a bug in Microsoft's Windows OS, pocketing a $100,000 reward for discovering a critical vulnerability.

British-based white-hat hacker James Forshaw from Context Information Security came up with a way of exploiting Windows applications that, according to various sources, overcomes systemic protections such as Address Space Layout Randomization and Data Execution Prevention in Windows 8.1 Preview. Microsoft has ponied up $100,000 for the information.

The tech giant announced back in June that it would join other like-minded companies like Google and Mozilla in paying external hackers to research vulnerabilities, offering up to $11,000 for critical vulnerabilities discovered in the Internet Explorer 11 beta and up to $100,000 for any technique that bypassed Windows' built-in exploit mitigation schemes.

Forshaw jumped at the chance and had already discovered design-level bugs during the IE11 Preview Bug Bounty, bringing his total earnings to $109,400.

"James already came in hot with design level bugs he found during the IE11 Preview Bug Bounty, and we're thrilled to give him even more money for helping us improve our platform-wide security by leaps," said Katie Moussouris, senior security strategist at the Microsoft Security Response Center in a blog post.

"While we can't go into the details of this new mitigation bypass technique until we address it, we are excited that we will be better able to protect customers by creating new defenses for future versions of our products because we learned about this technique and its variants."

Microsoft said that, unlike Mozilla for example, it was not paying for individual bugs but was instead offering the $100,000 scheme for entire classes of exploits.

"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," the company said.

"This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."

As we reported yesterday, Danish-based startup CrowdCurity is also offering bounties for hackers, and is actively looking for small-to-medium sized businesses that want their security tested.


David Swan

David Swan is a tech journalist from Melbourne and is iTWire's Associate Editor. Having started off as a games reviewer at the age of 14, he now has a degree in Journalism from RMIT (with Honours) and owns basically every gadget under the sun.
