Back in June, Microsoft announced a bug bounty program, offering a variety of awards for those who found bugs and exploitations for its software. While the Internet Explorer 11 portion of the bounty has come to a close, Microsoft is continuing the “Mitigation Bypass” bounty and has shelled out an award to one industrious individual who found an exploit in Windows 8.1 Preview.
The award went out to Context Information Security’s vulnerability researcher James Forshaw, who was given $100,000 under the Mitigation Bypass Bounty for finding an exploitation method for Windows 8.1 Preview. With the exploit, hackers or other individuals could bypass the operating system’s various security protections.
Such represents the first time Microsoft has received a submission that meets the criteria, and will likely be followed by others in the coming months. Unfortunately, what exactly was discovered by Forshaw is unknown, since Microsoft won’t provide details until after it has solved the problem. This is the researcher’s second prize under the overall bug bounty, with Forshaw having already received an award under the Internet Explorer 11 bounty.
Said Microsoft Trustworthy Computing’s Senior Security Strategist Katie Moussouris: “We’re thrilled to receive this qualifying Mitigation Bypass Bounty submission within the first three months of our bounty offering. James’ entry will help us improve our platform-wide defenses and ultimately improve security for customers, as it allows us to identify and protect against an entire class of issues.” .,.
It makes sense to crowdsource security solutions.