36

Microsoft hands out $100,000 in bounty for Windows 8.1 flaw; fixes critical IE vulnerability

Windows 8.1

Microsoft has awarded its first $100,000 bounty reward to a security researcher for discovering a bug in Windows 8.1. The company kicked off the bounty hunt for flaws and vulnerabilities in both Internet Explorer 11 and Windows 8.1, with bounties ranging up to $11,000 and $100,000 respectively.

The large bounty was picked up by James Forshaw, a security researcher at Context Information Security. Detailing a bug that bypassed protections in the preview version of windows 8.1, Forshaw was able to bag the full $100,000 reward. Microsoft will detail the exploit once the company has addressed it.

So how much has Microsoft paid out altogether for bugs in its bounty programs? Over $128,000. While the IE11 hunt has come to a close, the company is still looking for any bugs in Windows 8.1, so be sure to get hunting if you're after a reward for making the OS more secure for consumers.

IE11

As well as focusing on securing its software with help from the community, Microsoft continues to release security updates to address vulnerabilities in its products. We can relay that Microsoft has patched a critical flaw in Internet Explorer that could expose users to malware and hacks for at least three months.

The exploit, known as CVE-2013-3893, had the capability to integrate into all supported versions of the popular web browser. Microsoft acknowledged the vulnerability in September, releasing a temporary tool to patch IE until the permanent fix was released. Microsoft's Dustin Childs said the following in a blog post:

"The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer."

The patch contains not only the fix for this issue, but also 10 other issues within IE. 26 different vulnerabilities in Windows, Internet Explorer, SharePoint, .NET Framework, Office, Silverlight, and more were also highlighted in the blog post.

Source: Microsoft (1) (2), via: CNETThe Verge; thanks, unstoppablekem, for the tip!

4
loading...
34
loading...
42
loading...
0
loading...

Comments

There are 36 comments. Sign in to comment

Big Supes says:

Good on them for trying. I really struggle to see why a company such as Microsoft aren't capable of making a decent browser. IE always slows down over time to the point it is no longer useable.

marlasota says:

Well, I am using WIndows 8 and IE10 for a year now and it's just as fast as on day one.

Tavi Truman says:

I've had the same experience with IE10 too; we develop lots of code that run under IE and work and debug in IE all day and night. The browser is solid.

Big Supes says:

I am genuinely happy for you guys. Sadly, the browser is anything but solid for me.

jay_max says:

Can you elaborate?  My experience with IE 10 has been rock solid.  I'm curious as to what problems you are having.

hwangeruk says:

There is little that will "slow" your browser down. The only thing remotely that could do that is IO, your local storage filling up, a disk issue etc. Or plug-ins. There is nothing else that would "attach" to IE to retard its performance.

SwimSwim says:

Amen to that. I really want to love Internet Explorer, so I can envelope myself in the Microsoft ecosystem. Sadly, Chrome still delivers a better expeirence for me.
 
I'm going to give Internet Explorer another shot when I get my Surface Pro 2 in the coming weeks, so I can start from scratch and see how everything goes.

Fellipe Abib says:

IE change a lot since v10.
I stop using Firefox, since I am using W8 and IE is just perfect right now! I think it is faster than Firefox..

Ticomfreak says:

Firefox has gotten so slow over the years it's embarrassing :/

And it's a shame because I refuse to use Chrome, and my school's PC don't let me update IE.

domi1kenobi says:

The last builds from Firefox are very fast. They solved a bug with images loading.
I've switched back to Firefox from Chrome since then.
As a webdev I'm kinda resistant against IE. Even though I realise they made lots of improvements to be W3C compliant.

Ticomfreak says:

IE 11 is the fastest and most stable browser on the market...

Dreyer Smit says:

Maybe it's time to upgrade from Windows XP

Big Supes says:

No need to be a pilock. I went from Windows 7 to Windows 8 (Consumer Preview) to Windows 8 (Retail Preview) to Windows 8 Pro on multiple PCs. Every single one has suffered immensly when using IE10.
Funnily enough, I was only in the gym yesterday signing up a friend on one of their laptops. They have 4 laptops. The first one I jumped on had IE running. I attempted to log in, but the session timed out. I noticed someone else was navigating the site with no issues so I knew it wasn't internet related. The only difference was (and I hate to say this) they were running Chrome. I switched laptops and tried IE again.... still was running so slow to the point it wasn't usable. I bit the bullet and loaded Chrome. The change in perfomance was INSTANTANEOUS. I am 100% genuine when I say that I would choose IE over any browser if it didn't suffer from poor performance. I currently use Firefox as I have no choice. No way I'm going to use anything Google apart from Youtube.

Niavlys77 says:

I've been using both the IE11 Preview on Win8 and IE10 on Win7 at work - and I've gotta say I agree with you fully.

I always try to stick with IE if I can, but there's simply too many problems I repeatedly encounter - as well as sluggish performance (especially on my work machine, which isn't underpowered by any means). I can't count how many sites I run into problems with on IE, but no issues at all on others. I'm just really hoping the final IE11 release will be an actual improvement.

For the meantime - I use IE whenever I can (ultimately for security reasons - none can touch IE on this), but whenever it acts up, I switch to FF.

 

hwangeruk says:

IE 10 on Win 8 retail was fine. IE 11 on 8.1 preview is buggy. (I've temporarily and against my wishes installed Chrome). I'm hoping release IE11 on release 8.1 goes back to IE10 and 8.0 levels of reliability. Speed hasn't been an issue, just weird bugs.

My RT IE browser has also slowed over time to the point where I can no longer use the metro browser.

Big Supes says:

I guess it's only me and you who look at porn. :D

txDrum says:

IE 11 is definitely a modern browser. 10 is a huge improvement but chrome was still better. With 11, they've massively improved the js performance again and made it way more efficient... I'll actually consider going back to IE 11 when it comes out! Also, its not a nightmare to develop for IE and other browsers now :D

Big Supes says:

This sounds encouraging. I was very optimistic when I first started using IE10, but was let down. Here's hoping for IE11! :)

KelvBlue says:

A lot of the programs you installed will attach add ons to the IE without you knowing about them, you can download CCleaner to get rid of them.

What about the Other Storage bug? I have 11GB of other storage and I have GDR 2 Nokia Lumia 920

rockstarzzz says:

You are clearly not on AT&T and hence do not generate any interest.

What about it? This article is about finding security flaws in Windows 8.1. It's got nothing to do with the others storage in Windows Phone.
Anyway, if you want to fix the others storage you need to carry out a factory reset. My 920 went from 2.2 GB of others down to 500 or so MB after a factory reset with GDR2/Amber installed.

WinMaverick says:

Sync and 'proper' adblock plus support are the only two most wanted in my list now. If they fix it, I'm ready to dump Firefox.

EmolaT says:

As i understand sync is coming/already here if you use W8 machines. I guess it will trickle onto WP after 8.1 (Phone) is launched.

WinMaverick says:

"Coming"? maybe... but definitely not "already here". I'm talking IE10 on Win8. Or have I missed something?

Stevied1991 says:

It is only on Windows 8.1 and IE11.

jay_max says:

There's adblock out for IE, but I ended up uninstalling it, because I had more problems with it, than without.

attract says:

Internet explorer has gotten faster over the last years.

crise says:

Yes fast, but I care about features. That's why I always loved opera. I rather have a slower browser than 0 features. Why can't IE have a decent password manager like opera, speed dial, a button to see recent closed tabs, spelling correction, synced favorites, grouping tabs, auto filling forms, etc. IE is just too plain for me.

Stevied1991 says:

It does have spell-check?

Flavio76 says:

i was a big fan of chrome, but when I went to windows8 I got  big surprise of how fast IE was.I refuse to dump the chrome in the first two months since I was a big fan of it....
But nowadays I only use IE , unistalled chrome, and installed AUrora-firefox as a second optionwhen some website crash or beheive  badly on IE...

allos autos says:

They may take my start button, but they will never take my Netscape Navigator.

Found a flaw!!! No start button.

IE 11 on Windows 8.1 is definitely fast!
I've been using it for months now.

I stacked IE and Chrome side by side and loaded the same webpage.

As it turns out, IE won in all of the 19 webpage load tests

brayvefart says:

Well,That is one expensive Window Cleaner!