{"id":3734,"date":"2013-10-11T12:30:00","date_gmt":"2013-10-11T16:30:00","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=3734"},"modified":"2013-10-11T12:30:00","modified_gmt":"2013-10-11T16:30:00","slug":"microsoft-awards-100000-to-single-researcher-in-windows-8-1-bounty-program","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/10\/11\/microsoft-awards-100000-to-single-researcher-in-windows-8-1-bounty-program\/","title":{"rendered":"Microsoft awards $100,000 to single researcher in Windows 8.1 bounty program"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/54282-microsoft-awards-100000-to-single-researcher-in-windows-81-bounty-program.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/10\/2013-10-09_11-22-26.jpg\" \/><\/a><\/p>\n<p>Microsoft has awarded $100,000 to James Forshaw, a security researcher at Context Information Security, for coming up with a new exploitation technique around the built-in protections of Windows 8.1. The announcement was made on Microsoft\\&#8217;s BlueHat blog and marks the second payout since the company kicked off its first bounty programs earlier this year &#8212; the first involved IE 11 and totaled $28,000 paid out to six security researchers.<br \/>\nThe company isn\\&#8217;t detailing the exploit until it is fully addressed. Coincidentally, Microsoft notes one of its own engineers found a variant of the attack that Forshaw reported, but his submission \u201cwas of such high quality and outlined some other variants\u201d that they thought it deserved the maximum payment for new attack techniques.<br \/>\nForshaw was also among the group of researchers who cashed in on the IE11 Preview Bug Bounty, bringing his total earnings up to $109,400. Not a bad week indeed. The Australian researcher has been credited with identifying several dozen software security bugs at similar events, including a $20,000 bounty from HP\u2019s TippingPoint for exploiting Oracle\\&#8217;s Java software at Pwn2Own.<br \/>\nMicrosoft explains that payouts for new mitigation bypass techniques are far more generous than traditional bug exploits because learning about them helps the company develop defenses against entire classes of attack.<br \/>\nCommenting on the approach, Context Security\u2019s Forshaw said, \u201cMicrosoft\u2019s Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offense to defense. It incentivizes researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count.\u201d<br \/>\nThe company is also running a separate program called BlueHat Bonus for Defense that will award up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission.<br \/>\nvia <a href=\"http:\/\/www.techspot.com\/news\/54282-microsoft-awards-100000-to-single-researcher-in-windows-81-bounty-program.html\">Microsoft awards $100,000 to single researcher in Windows 8.1 bounty program &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has awarded $100,000 to James Forshaw, a security researcher at Context Information Security, for coming up with a new [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,7,11],"tags":[144,145,680,950,1214,1220],"class_list":["post-3734","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-security","category-windows","tag-bounty","tag-bounty-program","tag-microsoft-2","tag-security-2","tag-windows-2","tag-windows-8-1"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Ye","jetpack-related-posts":[{"id":5717,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/11\/windows-8-1-users-wont-receive-any-more-patches-unless-spring-update-is-installed\/","url_meta":{"origin":3734,"position":0},"title":"Windows 8.1 users won&#8217;t receive any more patches unless spring update is installed","author":"NCCT","date":"June 11, 2014","format":false,"excerpt":"Microsoft is staying true to a promise it delivered all the way back in April: Windows 8.1 users who have yet to install the Windows 8.1 Update released this spring won\u2019t be able to download today\u2019s Patch Tuesday updates\u2014or any future Patch Tuesday updates\u2014until they get around to upgrading their\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6247,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/19\/microsoft-pulls-its-august-windows-update-after-users-report-crashes\/","url_meta":{"origin":3734,"position":1},"title":"Microsoft pulls its August Windows update after users report crashes","author":"NCCT","date":"August 19, 2014","format":false,"excerpt":"Microsoft has pulled its August Update for Windows after users reported crashes and issues restarting their systems. The company is currently recommending users uninstall the update. Microsoft said that it discovered issues relating to four individual updates associated with the August Update: 2982791, 2970228, 2975719, and 297533. The updates addressed\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6416,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/09\/microsoft-re-releases-withdrawn-updates\/","url_meta":{"origin":3734,"position":2},"title":"Microsoft re-releases withdrawn updates","author":"NCCT","date":"September 9, 2014","format":false,"excerpt":"Microsoft has re-released the remaining August updates that the company had withdrawn. All three were non-security updates. They had already re-released one security update last week. The three updates are: August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (KB2975719) August 2014 update rollup\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5545,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/14\/microsoft-extends-windows-8-1-update-deadline\/","url_meta":{"origin":3734,"position":3},"title":"Microsoft extends Windows 8.1 Update deadline","author":"NCCT","date":"May 14, 2014","format":false,"excerpt":"When Microsoft launched Windows 8.1 Update last month, the company noted that current Windows 8.1 users would need to download and install the update by May 13 (tomorrow) in order to be eligible to receive future patches. Unfortunately, a number of Windows 8.1 users ran into issues almost immediately while\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5652,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/04\/windows-8-1-finally-overtakes-windows-8-in-usage-share\/","url_meta":{"origin":3734,"position":4},"title":"Windows 8.1 finally overtakes Windows 8 in usage share","author":"NCCT","date":"June 4, 2014","format":false,"excerpt":"Slowly but surely, Microsoft is getting users to leave Windows 8 behind and move on to Windows 8.1. According to Netmarketshare, usage of Windows 8.1 reached 6.35 percent of the overall operating system market share in May, finally moving ahead of Windows 8, which snagged 6.29 percent. While Windows 8\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8495,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/28\/windows-10-installation-files-already-sneaking-onto-windows-7-and-8-pcs-pcworld\/","url_meta":{"origin":3734,"position":5},"title":"Windows 10 installation files already sneaking onto Windows 7 and 8 PCs","author":"NCCT","date":"July 28, 2015","format":false,"excerpt":"Tonight is the night, Windows fans. Starting around midnight Eastern on Wednesday, June 29, 2015 Windows 10 will start rolling out to Windows Insider members. And if you're part of the first wave upgrading to Windows 10, your PC may already be primed for the upgrade. Some Windows Insiders are\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=3734"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3734\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=3734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=3734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=3734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}