In late September I reported an unauthenticated SSRF I’d found on Office.net to MSRC, only to receive a response that said I had included no reproduction steps, and therefore the report was invalid and would be closed. Obviously, the report had reproduction steps. So I replied, directing them to the report (which included reproduction steps), and was met with the same response. The report was closed, and I was pretty miffed.