Microsoft awards $100,000 to researcher for attack technique

Researcher James Forshaw has won $100,000 from Microsoft's Mitigation Bypass Bounty Program for a novel attack technique.


Microsoft has awarded $100,000 to researcher James Forshaw for a new attack technique which bypasses an attack mitigation in Windows 8.1.

The $100,000 reward is the maximum payout in Microsoft's Mitigation Bypass Bounty program.


Mitigation Bypass is one of three bounty programs announced in June by Microsoft's Katie Moussouris. Another was a special program for critical vulnerabilities in the Internet Explorer 11 Preview.

Last Friday, Moussouris announced six winners in that program, collecting over $28,000.

The third bounty program is the Blue Hat Bonus for Defense, with as much as $50,000 for a defensive technique which would counter an attack technique that can bypass current attack mitigations. No announcements of winners in this program have yet been made. Examples of established attack mitigations are Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Structured Exception Handler Overwrite Protection (SEHOP).

Forshaw is Head of Vulnerability Research at Context Information Security, based in the U.K. He is a regular presenter at security conferences and is the author of the network attack tool Canape.

According to Microsoft, he has produced numerous design-level attack techniques and is very good at it.

Moussouris told me that Microsoft will not be disclosing the nature of the attack(s) for which Forshaw won until they have implemented defenses against them. I asked if Microsoft would wait until then to disclose the attack technique to other vendors who might be affected by it. She said that these techniques are not likely to affect other vendors.

Forshaw provided a statement:

Over the past decade working in secure development and research, I have discovered many interesting security vulnerabilities with a heavy focus of complex logic bugs. I’m keenly interested in the intellectual puzzle of finding novel exploitation techniques and the creativity it requires.

Microsoft’s Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count.

To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful. Receiving the recognition for my entry is exciting to me and my employer Context. It also gives me the satisfaction that I am contributing to improving the security of both Microsoft’s and Context’s customers.
