Printed from http://www.electronista.com

Microsoft pays maximum $100,000 bounty to Internet Explorer researcher

updated 06:51 pm EDT, Tue October 8, 2013

Recent 'universal flaw' patched in today's 'patch Tuesday' updates

Microsoft said earlier today that it is paying its maximum award -- $100,000 -- to a security researcher who found a critical hole in its Internet Explorer web browser. James Forshaw of the Context Information Society was rewarded by Microsoft for pointing out the flaw which Microsoft patched today.

Forshaw was also the recipient of $9,400 in additional rewards for other flaws found in Internet Explorer 11 in the four-month-old bounty program. He has been credited with finding over 30 security bugs across the PC industry's software, with rewards having been paid by Hewlett Packard and others.

The reported flaw affects all supported versions of Internet Explorer from Internet Explorer 6 through Internet Explorer 11. The exploit allows for remote code execution when an Internet Explorer user browses a website containing malicious code tailored to the specific version of the browser.

Microsoft says of the flaw that "the vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially-crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website."

Today's patch closes both the universal Internet Explorer bug, as well as some of the other flaws Forshaw reported. Microsoft was criticized for waiting until "patch Tuesday" to fix the problem, with researchers claiming the delay put more users in jeopardy.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

D-Link Wi-Fi Smart Plug

Home automation fans have been getting their fair share of gadgets and accessories in the last few years. Starting with light bulbs, a ...

Razer Kraken Pro headset

Gaming headphones are a challenge to get right, for a long list of reasons that are unique to the consumer buying them. Some shoppers ...

Patriot Aero Wireless Mobile Drive

Regardless of how large a tablet you buy, you always want more space. There's always one more movie or another album you'd cram on, if ...

Sponsor

toggle

Most Commented

 
toggle

Popular News