Microsoft Pays $100,000 for Finding a Big Security Flaw in Windows 8.1

Microsoft on Tuesday awarded $100,000 to James Forshaw, a security researcher at Context Security who discovered a bug in Windows 8.1. Forshaw also previously won a bounty for his role in detecting an IE11 vulnerability.

In just a couple of months, Microsoft has so far paid out over $128,000 to security researchers who have found flaws in Windows and Internet Explorer, it said, mostly in increments ranging from $500 to $5,500. The reason for Forshaw's bigger award is that he found something huge, "an entire class of issues."

"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," Microsoft said today. "This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."

Microsoft didn't describe the security attack that Forshaw created. It wants to be able to fix the problem before it talks about it.

Read more -here-

• Google TV now has over 170 free channels
• OpenAI announces new o3 models
• Samsung to announce AI hybrid cooling refrigerators at CES 2025
• Bad actors steal $5.36M in LastPass attack
• FTC announces final rule banning junk fees on tickets and hotels
• EU officially begins work on $11 billion Starlink rival, IRIS2