super confused- but reverse reason. Submitted nice exploit chain, 1 bug to start diag record as system, 1 to use that file operations to make shell as system. My name is first, but you got bounty https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0944 …
-
This Tweet is unavailable.
-
But initially I just got a " No bounty, because class (EOP) or criticality(Importnant) or product not in scope" WTF? 2/3 you say are correct, nr. 3 is just windows 10- use more words this is not fair behaivior- i spent over 100 hours on it.
took me complaining in every single conversation with them, sandboxescaper to pull strings and still months for them to even tell why rejected. Same time I had submission -> published CVE as EOP, but they classified it as "tampering" so 1/7 bounty....wtf? I
-
-
I say: Run my exe as guest user, you get cmd prompt running as system- that is EOP, nothing to debate. Ignored for months, complained every 14 days- until finally a security researcher relationship manager fixed it in 1 hour. Got contact with her by submitting a questionare
-
Whether Microsoft to give you a bounty depends on whether they are willing to give you.I haven't got bounty so far
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.