super confused- but reverse reason. Submitted nice exploit chain, 1 bug to start diag record as system, 1 to use that file operations to make shell as system. My name is first, but you got bounty https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0944 …
-
This Tweet is unavailable.
-
took me complaining in every single conversation with them, sandboxescaper to pull strings and still months for them to even tell why rejected. Same time I had submission -> published CVE as EOP, but they classified it as "tampering" so 1/7 bounty....wtf? I
I say: Run my exe as guest user, you get cmd prompt running as system- that is EOP, nothing to debate. Ignored for months, complained every 14 days- until finally a security researcher relationship manager fixed it in 1 hour. Got contact with her by submitting a questionare
-
-
Whether Microsoft to give you a bounty depends on whether they are willing to give you.I haven't got bounty so far
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.