Microsoft Paying $100,000 to British Hacker - BestCyberNews: Online News Presenter in the present world


Microsoft is paying out $100,000 (£63,000) for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.

Microsoft released a much-anticipated update to Internet Explorer, which it said fixes a bug that made users of the browser vulnerable to remote attack. James Forshaw, a computer vulnerability researcher, has discovered a new "exploitation technique" in Windows operating systems.

Microsoft said it could not go into details until it had come up with a solution, but said it was "thrilled" to pay out the reward. Mr Forshaw has also won a similar award from Hewlett-Packard Co for identifying a way to 'pwn', or take ownership of, Oracle Corp's Java software.

Mr Forshaw earned another US$9,400 for identifying security bugs in a preview release of Microsoft's Internet Explorer 11 browser, Katie Moussouris, senior security strategist with the Microsoft Security Response Center, said in a blog post.

Microsoft set up its bug bounty program back in June to encourage hackers to report bugs. The $100,000 reward was offered for the Mitigation Bypass Bounty during the Windows 8.1 preview. The bug bounty program offered by Microsoft included bounties for BlueHat Bonus for Defense and IE11 Preview. The rewards for those two bounties were $50,000 and $11,000 respectively.

Microsoft security expert Katie Moussouris wrote in a blog post: "Congratulations and well done."

Microsoft has previously paid out $28,000 to users who found holes in Internet Explorer 11. There are still numerous prizes up for grabs.

Microsoft security expert Katie Moussouris explained: "The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses [sic] against entire classes of attack."

Researchers say hackers initially exploited that flaw to launch attacks on companies in Asia in an operation that cyber security firm FireEye has dubbed DeputyDog.

Marc Maiffret, chief technology officer of the cyber security firm BeyondTrust, said the vulnerability was later more broadly used after Microsoft's disclosure of the issue brought it to the attention of cyber-criminals.

The vulnerability in Internet Explorer was known as a "zero-day" because Microsoft had zero days to fix the hole when it was discovered that attackers were exploiting the bug.

Windows 8 is Microsoft's latest operating system, launched in October 2012 with improved security features, but is still being refined.

It received mixed reviews on launch, with some saying it was confusing and not user-friendly.

The Windows 8.1 update is due for public release on October 17.
