14 DAY TRIAL // Microsoft has once again brought its Internet Explorer 11 bug bounty program in the spotlight, this time in an attempt to give security researchers some tips on how to take advantage of the promo.
The company claims that it's now getting ready for a new avalanche of submissions as we're moving closer to the final days of the program, and the success it registered until now was really impressive.
Microsoft suggests that security experts should look for memory corruption and design issues, as they would allow remote code execution and thus enable an attacker to take control of a vulnerable system.
A memory corruption report must include a functioning exploit to bypass all relevant mitigations and run arbitrary code, as well as a whitepaper to describe the vulnerability, Microsoft explains.
“If the technique used to exploit the vulnerability is truly novel, then we would award the $100,000 Mitigation Bypass Bounty in addition to the $11,000 IE 11 Preview Bug Bounty,” the company said.
“So far, we’ve received many submissions and were able to notify the first bounty recipient last week. We have several more that have qualified for bounties and we're excited to see so many great submissions. Other finders are in the process of being notified via secure [at] microsoft [dot] com,” it continued.
The bug bounty program was specifically launched to help the company find security bugs in Internet Explorer 11, as Microsoft wants this to be the most secure version of its in-house browser released so far.
Internet Explorer 11 is currently available in Preview form in the beta version of Windows 8.1, but the application is set to be released as a stable build later this year together with the first major update for Windows 8.
According to people familiar with the matter, Windows 8.1 will be launched soon after it hits RTM in August, so expect Internet Explorer 11 to be here in just a couple of months.