Blue Frost Security's Senior Security Researcher Moritz Jodeit has been awarded the highest bounty payout of 100,000 USD by Microsoft as part of the "Mitigation Bypass Bounty" program. Moritz' work combines multiple security vulnerabilities that effectively bypassed several security mitigation mechanisms in the current version of Windows 10. He presented a complete and reliable exploit for Internet Explorer 11 (64-bit) on Windows 10 with full remote code execution, a sandbox escape for Internet Explorer's Enhanced Protected Mode (EPM) and an additional bypass of the latest version of EMET 5.5.
Microsoft is currently working on fixing the reported issues. Once the vulnerabilities are patched, we are planning to publish all the details about the exploit and the used techniques.