VEECUBED community: Microsoft pays $100k bounty to British researcher who found Windows 8.1 bug

Photograph: James Forshaw, who works for Context Information Security, discovered the bug in a preview version of the Windows 8.1 system.

Microsoft has paid $100,000 (£62,600) to the British researcher James Forshaw for finding a critical security flaw in the software firm’s upcoming Windows 8.1 operating system.oft

Forshaw, a researcher for the security firm Context, found a “mitigation bypass” – a hack that circumvented the protection systems built into Windows 8.1 which could have allowed hackers widespread access to the system.

“While we can’t go into the details of this new mitigation bypass technique until we address it, when we strengthen platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications,” said Microsoft’s senior security strategist, Katie Moussouris.

Forshaw said it had taken three and a half weeks to find the flaw, responding to “a very specific brief” from Microsoft.

“I think I originally came up with the winning idea sitting at home, pondering what I could do. When it comes to vulnerability testing, though, the eureka moment is more about the final working proof of concept. There are so many stumbling blocks that can trip you up along the way that you just can’t get too excited too quickly.”