Comment by sandworm101
19 hours ago
Because its microsoft. They know that MS will not respond, likely because MS already knows all about the problem. The fun is in pointing out how MS is so ossified and internally convoluted that it cannot apply fixes in any reasonable time. It is the last scene and the people are laughing at emperor walking around without clothes.
Microsoft CERT offers forms to fill out about DDOS attacks. I reported their IP addresses and the server they were hitting including the timestamp.
All of the reports to Microsoft CERT had proof-of-concept code and links to github and bugcrowd issues. Microsoft CERT sent me an individual email for every single IP address that was reported for DDOS.
And then half an hour later they sent another email for every single IP address with subject "Notice: Cert.microsoft.com - Case Closure SIRXXXXXXXXX".
I can understand that the meager volume of requests I've sent to my own server doesn't show up in Microsoft's DDOS-recognizer software, but it's just ridiculous that they can't even read the description text or care enough to forward it to their sister company. Just a single person to care enough to write "thanks, we'll look into it".