That's called a bounty program and Microsoft uses it to find vulnerabilities before bad-guy hackers do.
On Tuesday it awarded $100,000 of the pot to just one guy, James Forshaw, a security researcher at Context Security.
Microsoft didn't describe the security attack that Forshaw created. It wants to be able to fix the problem before it talks about it. But it did say he found something huge, "an entire class of issues."
When Microsoft launched the program in June, it said that to get a $100,000 payout, the researcher would have to come up with a "truly novel" technique that breaks the security protections built into
In just a couple of months, Microsoft has so far paid out over $128,000 to security researchers who have found flaws in Windows and Internet Explorer, it said, mostly in increments ranging from $500 to $5,500. Forshaw was also paid another $9,400 for finding bugs in the latest version of Internet Explorer.
Interestingly, of the six researchers who have won bounties from Microsoft so far, two work for Google. Both of the Google researchers donated their cash prizes to charity. Guess finding holes in Windows was its own reward.