This was indeed silently fixed in 19H1. Really wish the company would get in the business of crediting (no need for money/CVEs) researchers that help find bugs. https://twitter.com/aionescu/status/981671095362174978
Replying to @aionescu
Next time make it public along with exploit. They will pay for reputation when at stake. They are capitalist, want profits only.
1 reply 0 retweets 0 likes -
Replying to @aionescu @faisalusuf
It's not really extortion. When we "won't fix" a bug, that decision also means "we are comfortable with the bug going public". FWIW I also think we should do a better job crediting folks, but nobody minds you tweeting these out.
1 reply 0 retweets 5 likes -
Replying to @JosephBialek @faisalusuf
Throughout the last 20 years I’ve been doing research, I’ve been asked by multiple people at all aspects of management not to tweet/publicize “WontFix” or patched bugs, so while your thoughts are nice & fair, they don’t match the reality of senior leadership’s expectations.
2 replies 0 retweets 2 likes -
Replying to @aionescu @faisalusuf
I can't speak for your experiences obviously, but this is the policy for MSRC. Won't fix == finder can feel free to talk about the bug. If we're not comfortable with that we should be fixing it.
1 reply 0 retweets 5 likes -
Replying to @JosephBialek @faisalusuf
I’ve had people in MSRC ask me this, not just WDG/COSINE. You should bring this up to your leaders :)
2 replies 0 retweets 0 likes -
I dunno, sometimes senior leaders aren't familiar with the policy minutiae of every product area they oversee. It's fine to let someone know you've heard a contradictory request, they might just need someone to bring them up to speed on the rationale, etc.
2 replies 0 retweets 5 likes
That's not a criticism of Microsoft, just talking as a fellow megacorp lifer 