Microsoft has paid security researcher James Forshaw a sum of $100,000 after he found a security flaw within the soon-to-be-released Windows 8.1 operating system.
Forshaw has received the reward through Microsoft’s bounty program, which was started four months ago. The aim of this program is to help Microsoft improve the security of its operating systems and applications by encouraging security experts to try to find potential security flaws. Up until this latest case, Microsoft had already paid out $28,000. This money has largely been given to people who have found flaws within the Internet Explorer 11 web browser.
Forshaw, who is a security researcher for the security firm Context, found a mitigation bypass technique which could have given a hacker widespread access to the system.
Forshaw stated, “I think I originally came up with the winning idea sitting at home, pondering what I could do. When it comes to vulnerability testing, though, the eureka moment is more about the final working proof of concept. There are so many stumbling blocks that can trip you up along the way that you just can’t get too excited too quickly. We’re not talking retirement money here. When it comes to security flaw bounties like this, most of it goes to the company, and even if it didn’t, once the taxman has taken his cut it’s certainly not a life-changing sum.”
Kate Moussouris, who is the senior security strategist for Microsoft, stated, “While we can’t go into the details of this new mitigation bypass technique until we address it, when we strengthen platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.”
Moussouris has also congratulated and praised Forshaw for finding this security flaw.
Moussouris stated, “Congratulations and well done. You not only made history by receiving a total of $109,400 from our bounty programs, you’re also helping us make our customers safer from entire classes of attack. On behalf of over a billion people worldwide – Thank you and way to go!!”
This case shows that even Microsoft is starting to encourage security experts to find security flaws within the Windows operating system and applications to help it fight against the ever-increasing threat of hackers.
Having a robust backup solution in place is therefore more important than ever, as hackers are developing more sophisticated and complex attacks each day, which could lead to vital business data being held to ransom or deleted.