Looks like Microsoft doesn't understand the specification that they wrote down themselves: It is a bug if an attacker can take over my entire Microsoft account via NFC. I wonder if Microsoft can make amends for any damage it causes. Credit card companies can do this and that's why some NFC payments are only 1FA.
> We reported the issue to Microsoft. They did not consider it a vulnerability, but fixed it<p>Seems like Microsoft doesn't like to pay for a bug bounty