{"id":3734,"date":"2013-10-11T12:30:00","date_gmt":"2013-10-11T16:30:00","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=3734"},"modified":"2013-10-11T12:30:00","modified_gmt":"2013-10-11T16:30:00","slug":"microsoft-awards-100000-to-single-researcher-in-windows-8-1-bounty-program","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/10\/11\/microsoft-awards-100000-to-single-researcher-in-windows-8-1-bounty-program\/","title":{"rendered":"Microsoft awards $100,000 to single researcher in Windows 8.1 bounty program"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/54282-microsoft-awards-100000-to-single-researcher-in-windows-81-bounty-program.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/10\/2013-10-09_11-22-26.jpg\" \/><\/a><\/p>\n<p>Microsoft has awarded $100,000 to James Forshaw, a security researcher at Context Information Security, for coming up with a new exploitation technique around the built-in protections of Windows 8.1. The announcement was made on Microsoft\\&#8217;s BlueHat blog and marks the second payout since the company kicked off its first bounty programs earlier this year &#8212; the first involved IE 11 and totaled $28,000 paid out to six security researchers.<br \/>\nThe company isn\\&#8217;t detailing the exploit until it is fully addressed. Coincidentally, Microsoft notes one of its own engineers found a variant of the attack that Forshaw reported, but his submission \u201cwas of such high quality and outlined some other variants\u201d that they thought it deserved the maximum payment for new attack techniques.<br \/>\nForshaw was also among the group of researchers who cashed in on the IE11 Preview Bug Bounty, bringing his total earnings up to $109,400. Not a bad week indeed. The Australian researcher has been credited with identifying several dozen software security bugs at similar events, including a $20,000 bounty from HP\u2019s TippingPoint for exploiting Oracle\\&#8217;s Java software at Pwn2Own.<br \/>\nMicrosoft explains that payouts for new mitigation bypass techniques are far more generous than traditional bug exploits because learning about them helps the company develop defenses against entire classes of attack.<br \/>\nCommenting on the approach, Context Security\u2019s Forshaw said, \u201cMicrosoft\u2019s Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offense to defense. It incentivizes researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count.\u201d<br \/>\nThe company is also running a separate program called BlueHat Bonus for Defense that will award up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission.<br \/>\nvia <a href=\"http:\/\/www.techspot.com\/news\/54282-microsoft-awards-100000-to-single-researcher-in-windows-81-bounty-program.html\">Microsoft awards $100,000 to single researcher in Windows 8.1 bounty program &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has awarded $100,000 to James Forshaw, a security researcher at Context Information Security, for coming up with a new [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,7,11],"tags":[144,145,680,950,1214,1220],"class_list":["post-3734","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-windows","tag-bounty","tag-bounty-program","tag-microsoft-2","tag-security-2","tag-windows-2","tag-windows-8-1"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Ye","jetpack-related-posts":[{"id":9902,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/tpm-2-0-is-not-required-for-windows-11\/","url_meta":{"origin":3734,"position":0},"title":"TPM 2.0 Is Not Required for Windows 11","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/yjjCbOOpREg On Security Now, Steve Gibson talks about Microsofrt dropping the TPM 2.0 requirement from Windows 11.","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/yjjCbOOpREg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9330,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/03\/security-now-657-protonmail\/","url_meta":{"origin":3734,"position":1},"title":"Security Now 657: ProtonMail","author":"NCCT","date":"April 3, 2018","format":false,"excerpt":"https:\/\/youtu.be\/OeSZg-ph3Ns This week we discuss \"DrupalGeddon2\", Cloudflare's new DNS offering, a reminder about GRC's DNS Benchmark, Microsoft's Meltdown meltdown, the persistent iOS QR Code flaw and its long-awaited v11.3 update, another VPN user IP leak, more bug bounty news, an ill-fated-seeming new eMail initiative, Free electricity, a policy change at\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OeSZg-ph3Ns\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9405,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/10\/07\/odorless-and-weightless-hackers-this-week-in-tech-687\/","url_meta":{"origin":3734,"position":2},"title":"Odorless and Weightless Hackers &#8211; This Week in Tech 687","author":"NCCT","date":"October 7, 2018","format":false,"excerpt":"https:\/\/youtu.be\/lb4rnqfNdas Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? All the news from the Microsoft Surface event,\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/lb4rnqfNdas\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9932,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/microsoft-makes-70-billion-cuts-3-of-workforce\/","url_meta":{"origin":3734,"position":3},"title":"Microsoft Makes $70 Billion, Cuts 3% of Workforce","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/L0nyc9O5qYY On Windows Weekly, Paul Thurrott and Richard Campbell try to comprehend the sweeping employee layoffs happening at Microsoft in the wake of $70 billion in revenue. The company wants to increase its \"agility by reducing layers.\" Is this the return of Dark Satya?","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/L0nyc9O5qYY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9511,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/01\/22\/millsplain-it-to-me-this-week-in-tech-702\/","url_meta":{"origin":3734,"position":4},"title":"Millsplain It to Me &#8211; This Week in Tech 702","author":"NCCT","date":"January 22, 2019","format":false,"excerpt":"https:\/\/youtu.be\/EtTfFJVBZ6s -Apple's Tim Cook Calls for Data Privacy. -773M Passwords Pwned - How to Find Out If Yours Was. -Amazon Tries to Make Alexa Sound \"Newsy.\" -Google Buys Fossil. -74% of Facebook Users are Clueless. -Facebook's 10 Year Challenge. -Atari Founder Making Alexa Board Games. -Stop Using Windows Phone! -Tokyo\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/EtTfFJVBZ6s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9320,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/08\/this-week-in-tech-661-the-ant-man-canon\/","url_meta":{"origin":3734,"position":5},"title":"This Week in Tech 661: The Ant Man Canon","author":"NCCT","date":"April 8, 2018","format":false,"excerpt":"https:\/\/youtu.be\/BOkNYwQ_k1Y Facebook issues the latest in a long string of apologies.YouTube shooter and the lure of fame. Apple plans its own chips for 2020, Mac Pro for 2019. Is Amazon spending too much on video? Terry Myerson out at Microsoft - the end of the Windows era. FBI seizes Backpage.com.","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/BOkNYwQ_k1Y\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=3734"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3734\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=3734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=3734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=3734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}