This specific bypass was not reported to Microsoft as it had been established with Device Guard team members that Device Guard bypasses that can be mitigated with CI policy (as is the case here with accompanying blacklist policy) need not be reported. Device Guard and PowerShell constrained language mode bypasses for which CI policy cannot be applied are serviceable through MSRC and the SpecterOps team have reported many of these bugs and received CVEs accordingly.