Microsoft has not been shy about offering money to people who uncover exploits in its code, though the company also has not been particularly generous — you need to find pretty serious exploits. The corporation offers up to $100,000, but has rarely had to put forth all of that cash.
In fact, today marks only the second time the software giant has paid out the full bounty. Asian researcher Yang Yu was the lucky recipient, after he discovered three holes in the company’s Windows operating system. The actual exploits were kept quiet, for obvious reasons.
All of these security problems were what are considered “mitigation bypass variants”. In layman’s terms, if there are any for such a thing, a mitigation bypass is capable of exploiting remote code execution vulnerabilities that attack the stack. It’s sometimes referred to as “stack overflow”.
To qualify for the top prize of $100,000, a submission has to meet several criteria: it must be generic and reliable, have reasonable requirements, and be applicable to a major piece of the company’s software.
Yu becomes only the second to score the big prize, and brings the grand total of cash handed out by Microsoft to $253,000 since the program began.