Now i wonder if you also did that? When did our submissions cross? was initial bug double submit- then i could submit nr. 2 by other path to it. was nr. 2 double submit? then wrong rejection.....
super confused- but reverse reason. Submitted nice exploit chain, 1 bug to start diag record as system, 1 to use that file operations to make shell as system. My name is first, but you got bounty https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0944 …
-
-
-
Feel sorry to hear your experience. Here is the information of my diagtrack cases this month I got from Microsoft. Seems CVE-2020-0944 is not in it.pic.twitter.com/1T5JJdAnyF
This media may contain sensitive material. Learn more
End of conversation
New conversation -
-
-
But initially I just got a " No bounty, because class (EOP) or criticality(Importnant) or product not in scope" WTF? 2/3 you say are correct, nr. 3 is just windows 10- use more words this is not fair behaivior- i spent over 100 hours on it.
-
took me complaining in every single conversation with them, sandboxescaper to pull strings and still months for them to even tell why rejected. Same time I had submission -> published CVE as EOP, but they classified it as "tampering" so 1/7 bounty....wtf? I
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.