Microsoft hands out $100,000 in bounty for Windows 8.1 flaw; fixes critical IE vulnerability

Microsoft has awarded its first $100,000 bounty reward to a security researcher for discovering a bug in Windows 8.1. The company kicked off the bounty hunt for flaws and vulnerabilities in both Internet Explorer 11 and Windows 8.1, with bounties ranging up to $11,000 and $100,000 respectively.

The large bounty was picked up by James Forshaw, a security researcher at Context Information Security. Detailing a bug that bypassed protections in the preview version of windows 8.1, Forshaw was able to bag the full $100,000 reward. Microsoft will detail the exploit once the company has addressed it.

So how much has Microsoft paid out altogether for bugs in its bounty programs? Over $128,000. While the IE11 hunt has come to a close, the company is still looking for any bugs in Windows 8.1, so be sure to get hunting if you're after a reward for making the OS more secure for consumers.

As well as focusing on securing its software with help from the community, Microsoft continues to release security updates to address vulnerabilities in its products. We can relay that Microsoft has patched a critical flaw in Internet Explorer that could expose users to malware and hacks for at least three months.

The exploit, known as CVE-2013-3893, had the capability to integrate into all supported versions of the popular web browser. Microsoft acknowledged the vulnerability in September, releasing a temporary tool to patch IE until the permanent fix was released. Microsoft's Dustin Childs said the following in a blog post:

The patch contains not only the fix for this issue, but also 10 other issues within IE. 26 different vulnerabilities in Windows, Internet Explorer, SharePoint, .NET Framework, Office, Silverlight, and more were also highlighted in the blog post.

Source: Microsoft (1) (2), via: CNET, The Verge; thanks, unstoppablekem, for the tip!