Microsoft awards $100,000 to researcher for attack technique

Microsoft awards $100,000 to researcher for attack technique

Summary: Researcher James Forshaw has won $100,000 from Microsoft's Mitigation Bypass Bounty Program for a new and novel attack technique.

TOPICS: Security, Microsoft
(Image: stock photo)

Microsoft has awarded $100,000 to researcher James Forshaw for a new attack technique which bypasses an attack mitigation in Windows 8.1.

The reward $100,000 is the maximum payout in Microsoft's Mitigation Bypass Bounty program.

Mitigation Bypass is one of three bounty programs announced in June by Microsoft's Katie Moussouris. Another was a special program for critical vulnerabilities in the Internet Explorer 11 Preview.

Last Friday, Moussouris announced six winners in that program, collecting over $28,000.

The third bounty program is the Blue Hat Bonus for Defense, with as much as $50,000 for a defensive technique which would counter an attack technique that can bypass current attack mitigations. No announcements of winners in this program have yet been made. Examples of established attack mitigations are Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Structured Exception Handler Overwrite Protection (SEHOP).

Forshaw is Head of Vulnerability Research, Context Information Security based in the U.K. He is a regular presenter at security conferences and is the author of the network attack tool Canape.

According to Microsoft, he has produced numerous design-level attack techniques and is very good at it.

Moussouris told me that Microsoft will not be disclosing the nature of the attack(s) for which Forshaw won until they have implemented defenses against them. I asked if Microsoft would wait until then to disclose the attack technique to other vendors who might be affected by it. She said that these techniques are not likely to affect other vendors.

Forshaw provided a statement:

Over the past decade working in secure development and research, I have discovered many interesting security vulnerabilities with a heavy focus of complex logic bugs.  I’m keenly interested in the intellectual puzzle of finding novel exploitation techniques and the creativity it requires.

Microsoft’s Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count.

To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful. Receiving the recognition for my entry is exciting to me and my employer Context. It also gives me the satisfaction that I am contributing to improving the security of both Microsoft’s and Context’s customers.” 

Topics: Security, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Microsoft awards $100,000 to researcher for attack technique

    This shows that it pays to use Microsoft Windows.
    • Mr. Davidson: "This shows that it pays to use Microsoft Windows."

      No, this shows that it pays to *attack* Microsoft Windows ,,, whether one is a white hat, grey hat or black hat.
      Rabid Howler Monkey
  • This May Be The First Time

    That payouts for identifying attack vectors may actually be greater than the product revenues! Oh that silly Ballmer!
  • Great results that ...

    .... hopefully have been passed onto the NSA ..