Published in News

Microsoft pays largest bug bounty

by on09 October 2013

Fixing IE

Software giant Microsoft has written a $100,000 cheque to a well-known hacker for finding a bug in its Internet Exploder browser. James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won the largest bounty Redmond has ever paid out.

The software maker also released a much-anticipated update to Internet Explorer, which it said fixes a bug that made users of the world's most popular browser vulnerable to remote attack. The bug is more than just a minor hole in the code, Forshaw found a new "exploitation technique" in Windows. For Microsoft, it means that that it can develop defenses against an entire class of attacks. Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft's Internet Explorer 11 browser.

Forshaw has been credited with identifying several dozen software security bugs. HP awarded him a large bounty for identifying a way to take control of Oracle's Java software. Microsoft also released an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month.

Researchers say hackers initially exploited that flaw to launch attacks on companies in Asia in an operation that the cybersecurity firm FireEye has dubbed DeputyDog.

Rate this item
(0 votes)

Read more about: