It's almost as if HN is a site where we discuss things instead of just passively consuming information.
In either case only paying $40,000 for disclosing an exploit like this sends a clear message from Microsoft. They don't take their user's security seriously. And it also incentivizes certain outcomes -- They're cheap and less moral actors who are only motivated by the finanical reward won't bother to engage with Microsoft.
In either case only paying $40,000 for disclosing an exploit like this sends a clear message from Microsoft. They don't take their user's security seriously. And it also incentivizes certain outcomes -- They're cheap and less moral actors who are only motivated by the finanical reward won't bother to engage with Microsoft.
Use Microsoft products at your own peril.