Microsoft awards US$100k to researcher who cracked Windows 8.1’s defences

9 Oct 2013

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A security researcher in the UK has been awarded US$100,000 after getting around the security defences built into Windows 8.1 Preview.

James Forshaw is head of vulnerability research at Context Information Security. He used a new mitigation bypass technique to get past the new operating system’s defences.

Earlier in the week, Forshaw was awarded US$9,400 along with other security researchers for discovering design level bugs in the IE11 Preview Bug Bounty.

“While we can’t go into the details of this new mitigation bypass technique until we address it, we are excited that we will be better able to protect customers by creating new defences for future versions of our products because we learned about this technique and its variants,” Microsoft said in the Blue Hat security blog.

“The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defences against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers.

“When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications,” Microsoft said.

OS security image via Shutterstock

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com