Disclosing updates on Microsoft's Vulnerability Reports

We discussed this vulnerability during Episode 115 on 31 January 2022

Just send an email pretending to be part of another report and the system will make you part of it. Its really that simple, sending an email using your the email associated with your Researcher portal account with the subject VULN-<report number>will get that email added to the report and be copied on future updates. As report numbers are sequential integers one could predict reports easily or if they knew a particular number they could add themselves to it.