Microsoft Pays $100,000 for Finding a Big Security Flaw in Windows 8.1

Microsoft on Tuesday awarded $100,000 to James Forshaw, a security researcher at Context Security who discovered a bug in Windows 8.1. Forshaw also previously won a bounty for his role in detecting an IE11 vulnerability.

In just a couple of months, Microsoft has so far paid out over $128,000 to security researchers who have found flaws in Windows and Internet Explorer, it said, mostly in increments ranging from $500 to $5,500. The reason for Forshaw's bigger award is that he found something huge, "an entire class of issues."

"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," Microsoft said today. "This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."

Microsoft didn't describe the security attack that Forshaw created. It wants to be able to fix the problem before it talks about it.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules