Microsoft awards $100,000 to researcher for attack technique

Summary: Researcher James Forshaw has won $100,000 from Microsoft's Mitigation Bypass Bounty Program for a new and novel attack technique.

Microsoft has awarded $100,000 to researcher James Forshaw for a new attack technique which bypasses an attack mitigation in Windows 8.1.

The $100,000 reward is the maximum payout in Microsoft's Mitigation Bypass Bounty program.

Mitigation Bypass is one of three bounty programs announced in June by Microsoft's Katie Moussouris. Another was a special program for critical vulnerabilities in the Internet Explorer 11 Preview.

Last Friday, Moussouris announced six winners in that program, collecting over $28,000.

The third bounty program is the Blue Hat Bonus for Defense, with as much as $50,000 for a defensive technique which would counter an attack technique that can bypass current attack mitigations. No announcements of winners in this program have yet been made. Examples of established attack mitigations are Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Structured Exception Handler Overwrite Protection (SEHOP).

Forshaw is Head of Vulnerability Research at Context Information Security, based in the U.K. He is a regular presenter at security conferences and is the author of the network attack tool Canape.

According to Microsoft, he has produced numerous design-level attack techniques and is very good at it.

Moussouris told me that Microsoft will not be disclosing the nature of the attack(s) for which Forshaw won until they have implemented defenses against them. I asked if Microsoft would wait until then to disclose the attack technique to other vendors who might be affected by it. She said that these techniques are not likely to affect other vendors.

Forshaw provided a statement:

“Over the past decade working in secure development and research, I have discovered many interesting security vulnerabilities with a heavy focus of complex logic bugs. I’m keenly interested in the intellectual puzzle of finding novel exploitation techniques and the creativity it requires.

“Microsoft’s Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count.

“To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful. Receiving the recognition for my entry is exciting to me and my employer Context. It also gives me the satisfaction that I am contributing to improving the security of both Microsoft’s and Context’s customers.”

Topics: Security, Microsoft


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
