A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user’s Outlook, Azure and Office accounts.

The vulnerability has been uncovered by UK-based security consultant Jack Whitton and is similar to Microsoft’s OAuth CSRF (Cross-Site Request Forgery) in Live.com discovered by