A security researcher has posted a claimed list of yet-to-be-patched Windows 10 vulnerabilities on Twitter after getting frustrated with Microsoft not paying bounties for his submissions.
As Microsoft have no intentions of ever paying me for all my submitted vulnerabilities I am forced to do this.
Countdown starts today - then I will post them all public.
Ms is just trying to get time to patch them then never pay me.
I have for over 100.000$ in submissions.
— Jonas L (@jonasLyk) July 14, 2020
The researcher claims to have provided proofs of concept to Microsoft for all submitted vulnerabilities.
MSI Installer service – Escalation of privilege
.net core – Escalation of privilege
And all have been delivered with working proofs of concepts.
— Jonas L (@jonasLyk) July 14, 2020
He has also posted a video demonstrating what he describes as “bypassing password without desktop”.
No matter what I will still be first to break full bitlocker hd encryption.
Escape hyper-v file system.
Bypass lock screen
etc.
And you will all get to see that soon maybe
This is how it looks when bypassing password without desktop: https://t.co/56kdsQFKon
— Jonas L (@jonasLyk) July 14, 2020
While we have yet to hear Microsoft’s side of the story, this raises big questions about the corporate giant’s engagement with external researchers. Perhaps this fallout could have been avoided with better communication from both sides.