Make money at home attacking Windows!

A freelance coding site hosts a project to exploit the latest critical flaw in Microsoft Windows

The cash-for-exploits trend continues to grow this week, with a coding site offering to fund anyone who can produce an attack that compromises Windows computers through a just-reported critical flaw.

Freelance coding site (pronounced "gun-yo") will pay any programmer that can produce an exploit for a severe vulnerability announced by Microsoft during its regularly scheduled Patch Tuesday update. The current bounty on the exploit has reached $1,451, a pittance compared to the price that vulnerability researcher might get for a similar but unknown flaw.

Microsoft announced the vulnerability on Tuesday and urged Windows users -- especially businesses -- to patch the issue as fast as possible. The vulnerability is particularly severe because it allows an attacker to remotely exploit systems from the Internet without needing to log in to the targeted computer. The flaw could be a vector for an Internet worm.

"Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," Microsoft researchers stated in a blog post warning of the vulnerability.

Rick Jones, founder of, posted the bounty notice soon after Microsoft's release. The bounty is for an exploit module that can be used in the Metasploit framework, a software program that allows security specialists to test network security. The modules, however, are also blueprints that can teach attackers how to recreate the exploit.

Paying researchers for exploit has taken off in the past two years. Earlier this month Google paid two researchers each a bounty of $60,000 for vulnerabilities and exploits that could be used to attack a Windows computer through the company's Chrome browser. Prices paid for such information has risen in the past few years because vulnerabilities are becoming harder to find and researchers are finding buyers in other markets, such as government agencies and the criminal underground.

The bounty bucks that trend. But the funds are supplied by the site's members, so the price could eventually rise.

This story, "Make money at home attacking Windows!" was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2012 IDG Communications, Inc.

How to choose a low-code development platform