Microsoft pays $100,000 bounty for security bug

Microsoft says it's awarding a $100,000 bounty to a cyber-security expert in Britain who discovered security holes in the company's software.

It's the first time Microsoft has paid that much for identifying what it called an "exploitation technique" that could leave its software vulnerable to hackers.

The company issued a statement congratulating James Forshaw, the head of vulnerability research at Context Information Security, for finding the problem and earning the bounty. Microsoft says its engineers are working on a fix. The company refused to reveal any more details about the security gap until it's corrected.

This is not the first time Forshaw has cashed in for finding computer bugs. He was awarded $9,400 for identifying security problems in a preview version of Microsoft's Internet Explorer 11, and earned another bounty for finding a flaw in Oracle's Java software.

Microsoft launched its bounty program in June to encourage users and security experts worldwide to report any flaws they discovered in its software. So far, the company says it has paid out more than $128,000.