Microsoft is changing the way in which it handles vulnerability disclosures. Microsoft is now moving to a model it calls coordinated vulnerability disclosure. The shift is a subtle one from Microsoft, which has always been at the heart of the debate over full disclosure of security vulnerabilities. The new CVD strategy relies on researchers to report vulnerabilities either directly to a vendor or to a trusted third party, such as a CERT-CC, who will then report it to the vendor. Microsoft has steadfastly refused to pay bug bounties in the past.
Source: https://threatpost.com/microsoft-shifts-coordinated-vulnerability-disclosure-policy-072210/74247/