Microsoft Paid This Man $100,000 For Finding A Big Security Flaw In Windows 8.1



Security researcher James Forshaw, Context Information Security

Microsoft set aside $150,000 to pay prizes to security researchers for ripping up Windows and Internet Explorer and telling Microsoft about the holes they find.


That's called a bounty program and Microsoft uses it to find vulnerabilities before bad-guy hackers do.

On Tuesday it awarded $100,000 of the pot to just one guy, James Forshaw, a security researcher at Context Security.


Microsoft didn't describe the security attack that Forshaw created. It wants to be able to fix the problem before it talks about it. But it did say he found something huge, "an entire class of issues."

When Microsoft launched the program in June, it said that to get a $100,000 payout, the researcher would have to come up with a "truly novel" technique that breaks the security protections built into Windows 8.1. The hack had to be one that could let a bad guy control a Windows PC over the Internet, the most dangerous kind of flaw.


In just a couple of months, Microsoft has so far paid out over $128,000 to security researchers who have found flaws in Windows and Internet Explorer, it said, mostly in increments ranging from $500 to $5,500. Forshaw was also paid another $9,400 for finding bugs in the latest version of Internet Explorer.

Interestingly, of the six researchers who won bounties from Microsoft so far, two of them work for Google. Both of the Google researchers donated their cash prizes to charity. Guess finding holes in Windows was its own reward.