[ifthenelseend]

How much money did you get from Microsoft for disclosing that vulnerability?

[withinrafael]

I reported similar issues in the past and there's no bounty, but of course Microsoft reserves the right to deviate. (And I hope they did in this case!) Minimally, you get placement on the Microsoft Online Services Acknowledgments page. https://portal.msrc.microsoft.com/en-us/security-guidance/re...

[jacquesm]

Nothing like working for free for giant companies that fail utterly at their responsibilities.

[owlninja]

I mean if they didn't have an open bounty or posting, you should assume you are 'working' for free.