11/12/2019 - Microsoft acknowledges report.
11/13/2019 - Microsoft opens case for issue and confirms engineers are reviewing report. Asks for one day extension for 90 day policy to align with patch release cycles.
11/13/2019 - Tenable responds that we willing to postpone public disclosure for vendor.
11/14/2019 - Microsoft acknowledges.
12/2/2019 - Tenable follows up, asking for any updates.
12/4/2019 - Microsoft asks for source code as they are having trouble finding source of the issue.
12/4/2019 - Tenable provides source code and explains root cause of issue.
12/17/2019 - Tenable asks Microsoft for status update
12/17/2019 - Microsoft has difficulty recreating issue with PoC, explains possible issues, asks for new PoC.
12/18/2019 - Tenable troubleshoots PoC issues, asks to schedule call for better troubleshooting.
12/19/2019 - Microsoft shared troubleshooting details with analyst and will follow up if they need to setup call.
01/06/2020 - Tenable asks Microsoft for status update.
01/07/2020 - Microsoft explains they only see Denial of Service occurring with PoC and not Group Policy bypass. Explain it currently does not meet severity bar for security update. Asks for details on Domain setup that Tenable tested.
01/10/2020 - Tenable recreates testing environment and confirms PoC works. Provides basic domain setup information to Microsoft. Tenable shares a rebuilt PoC.
01/13/2020 - Microsoft passes video/PoC to engineering team to try and reproduce. Asks for extension for disclosure date.
01/15/2019 - Tenable offers help if any trouble reproducing issue and will follow up later in the month regarding extension if necessary.
01/27/2020 - Tenable asks for update on reproducing bug.
01/29/2020 - Microsoft responds that they were able to fully replicate issue. Microsoft concludes it is not a bug and is expected behavior.
01/31/2020 - Tenable clarifies impact and why it should be treated as security issue.