Julien Ahrens

Vulnerability Intel | ROP Gadget Hunter | Privacy Enthusiast | Full-time BugBounty hunter | @Hacker0x01 MVH | @SynackRedTeam member | on a world-trip

Microsoft Fixes 7 XSS Flaws on MSN

08 Jun 2013 » Coordinations

Earlier this year, I reported 7 XSS flaws on different pages of the Dutch MSN Entertainment site to the Microsoft Security Response Center (MSRC case #14103cl) and immediately received a response - not as fast as HP did previously on my HP IMC flaw - but still very fast ;-).

In contrast to Google or Facebook, Microsoft does not provide any kind of bugbounty program - they’d probably lose too much money with such a program :-D - just joking!

Instead of this, they provide something which is called “Security Researcher Acknowledgments for Microsoft Online Services” on a monthly basis, where they add security researchers who have responsibly disclosed valuable and not-yet-found-and-reported flaws in their online services. Btw: Unfortunately, one of my reported flaws has not been credited by Microsoft, since it’s been previously disclosed by someone else. Anyways, great to read my name on the May 2013 list - fits perfectly on my CV :-)
