Microsoft awards US$100k to researcher who cracked Windows 8.1’s defences

9 Oct 2013

A security researcher in the UK has been awarded US$100,000 after getting around the security defences built into Windows 8.1 Preview.

James Forshaw is head of vulnerability research at Context Information Security. He used a new mitigation bypass technique to get past the new operating system’s defences.

Earlier in the week, Forshaw was awarded US$9,400 along with other security researchers for discovering design-level bugs in the IE11 Preview Bug Bounty.

“While we can’t go into the details of this new mitigation bypass technique until we address it, we are excited that we will be better able to protect customers by creating new defences for future versions of our products because we learned about this technique and its variants,” Microsoft said on its BlueHat security blog.

“The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defences against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers.

“When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications,” Microsoft said.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
