super confused- but reverse reason. Submitted nice exploit chain, 1 bug to start diag record as system, 1 to use that file operations to make shell as system. My name is first, but you got bounty https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0944 …
But initially I just got a " No bounty, because class (EOP) or criticality(Importnant) or product not in scope" WTF? 2/3 you say are correct, nr. 3 is just windows 10- use more words this is not fair behaivior- i spent over 100 hours on it.
-
-
took me complaining in every single conversation with them, sandboxescaper to pull strings and still months for them to even tell why rejected. Same time I had submission -> published CVE as EOP, but they classified it as "tampering" so 1/7 bounty....wtf? I
-
I say: Run my exe as guest user, you get cmd prompt running as system- that is EOP, nothing to debate. Ignored for months, complained every 14 days- until finally a security researcher relationship manager fixed it in 1 hour. Got contact with her by submitting a questionare
- Show replies
New conversation -
-
-
I report a lot of logical bugs (more than 10) in diagtrack, and most of them got merged. I have email MSRC to give me the details of the merges and just got reply. But CVE-2020-0944 is not in it and I think I did not get bounty on it. I am confused.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.