Microsoft rewards $100,000 to hacker for Internet Explorer bug, issues update

Advertisement
By Reuters | Updated: 9 October 2013 10:03 IST
Microsoft Corp said on Tuesday it is paying a well-known hacking expert more than $100,000 for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.

The software maker also released a much anticipated update to Internet Explorer, which it said fixes a bug that made users of the world's most popular browser vulnerable to remote attack.

James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft's first $100,000 bounty for identifying a new "exploitation technique" in Windows, which will allow it to develop defenses against an entire class of attacks, the software maker said on Tuesday.

Advertisement

Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft's Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog.

Microsoft unveiled the reward programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the vast majority of the world's personal computers.

Advertisement

Forshaw has been credited with identifying several dozen software security bugs. He was awarded a large bounty from Hewlett-Packard Co for identifying a way to "pwn," or take ownership of, Oracle Corp's Java software in a high-profile contest known as Pwn2Own (pronounced "pown to own").

Microsoft also released an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month.

Advertisement

Researchers say hackers initially exploited that flaw to launch attacks on companies in Asia in an operation that the cybersecurity firm FireEye has dubbed DeputyDog.

Marc Maiffret, chief technology officer of the cybersecurity firm BeyondTrust, said the vulnerability was later more broadly used after Microsoft's disclosure of the issue brought it to the attention of cyber criminals.

Advertisement

He is advising computer users to immediately install the update to Internet Explorer, if they do not have their PCs already set to automatically download updates.

"Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch," Maiffret said.

That vulnerability in Internet Explorer was known as a "zero-day" because Microsoft, the targeted software maker, had zero days notice to fix the hole when the initial attacks exploiting the bug were discovered.

In an active, underground market for "zero day" vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers who identify such bugs.

© Thomson Reuters 2013

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Internet, Internet Explorer, Microsoft
Advertisement

Related Stories

Popular Mobile Brands
  1. iQOO Pad 5c With a 10,000mAh Battery Debuts at This Price
  2. Samsung Galaxy M47 5G Price in India Revealed Ahead of Amazon Prime Day
  3. Sony Alpha 7R VI Full-Frame Mirrorless Camera Debuts in India: See Price
  4. Redmi Unveils Its First Over-Ear ANC Headphones With 72-Hour Battery Life
  1. Vivo Pad 5c Launched With Snapdragon 8s Gen 3 Chipset, 10,000mAh Battery: Price, Specifications
  2. Marshall Milton ANC Headphones Launched in India With Adaptive ANC, Up to 80-Hour Battery Life: Price, Features
  3. Two Xiaomi Smartphones, New Honor Handset Visit 3C Certification Database Ahead of Anticipated Debut: Report
  4. Honor 600 Elite Listed on EMVCo Database Alongside Honor 600s and 600 Lite S Models, Could Launch Soon
  5. Nothing Phone 4b RCB Edition Variant Teased; Could Launch in India in Four Storage Variants
  6. Motorola Edge 70 Max Spotted on HDR10+ Certification Site; WPC Listing Reveals Charging Details
  7. Android 17 Introduces New Lock Screen Changes That Severely Limit PIN Guessing Attempts
  8. Google Expands Gemini Spark to macOS for AI Desktop Automation Across Files, Apps
  9. Anthropic Introduces Claude Sonnet 5 With Enhanced Agentic Capabilities; Confirms Return of Claude Mythos 5, Fable 5
  10. Instagram Rolls Out Spin View, New Story Creation Tools for Ray-Ban Meta, Oakley Meta Smart Glasses
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.