Justin OLeary

Researcher @olearysec found privilege-escalation vuln in Azure Backup for AKS and reported to @microsoft. CERT validated it but Microsoft rejected it and asked Mitre not to give it CVE. Then he says Microsoft silently patched it without telling users olearysec.com/research/azure…

What happens when @Microsoft silently patches your CVSS 9.9 without a CVE, and you ask @CISAgov leadership to invoke CNA of Last Resort — the rule that exists exactly for this situation? @CERTcc closes every case you have. No notifications. No reason The system isn't broken. You're just not who it was built to protect.

@KDbyProxy @KimZetter @Microsoft Hard to get paid for a bug that was never a bug until it was silently fixed. 😂

@KimZetter @olearysec @Microsoft So, no bounty?