Microsoft awards first $100k bounty for mitigation bypass technique in Internet Explorer 11


Internet Explorer logo

Microsoft’s IE11 Preview Bug Bounty has come to a close and the company revealed on the 7th of October that they had paid $28,000 to six researchers for fifteen bugs in Internet Explorer 11.  Today, Microsoft has revealed that they have paid $100,000 to a researcher for a new mitigation bypass technique in Internet Explorer 11. This now means Microsoft has paid a total of $128,000 to hackers for finding exploits in the browser that’s set to ship with Windows 8.1.

“Congratulations to James Forshaw for coming up with a new exploitation technique to get our first ever $100,000 bounty. A security vulnerability researcher with Context Information Security, James already came in hot with design level bugs he found during the IE11 Preview Bug Bounty, and we’re thrilled to give him even more money for helping us improve our platform-wide security by leaps,” Microsoft stated in an official blog post.

According to the devices and services giant, learning about new mitigation bypass techniques can help the company develop defenses against an entire classes of attack. This can help make individual vulnerabilities less useful when attackers attempt to wreak havoc.

“Until then, our special thanks go to James: Congratulations and well done! You not only made history by receiving a total of $109,400 from our bounty programs, you’re also helping us make our customers safer from entire classes of attack. On behalf of over a billion people worldwide — Thank you and way to go!!” Microsoft adds.

You can view the winners listed here by name and amount of bounty paid. One of the winners earned a bonus for “finding cool IE design vulnerabilities,” which was not disclosed by the company.