How to report a vulnerability to Microsoft
If you discover a vulnerability in a Windows operating system or application, it's essential that you make Microsoft aware of the weakness before it becomes a serious problem. How do you go about reporting the issue? One CISSP from the Microsoft Security Response Center offers the following advice:
The Microsoft Security Response Center investigates all reports of
security vulnerabilities sent to us that affect Microsoft products.
If you believe you have found a security vulnerability affecting a
Microsoft product, we would like to work with you to investigate it.
We are concerned that you might not know the best way to report
security vulnerabilities to Microsoft. You can contact the Microsoft
Security Response Center to report a vulnerability by e-mailing
firstname.lastname@example.org directly, or you can submit your report via our Web-based vulnerability reporting form.
Be as specific as possible in the report, including an exact description of
the vulnerability, what products it affects, steps to reproduce the
problem and what the result of a successful exploit may be.
Other information you'll need to report in the form includes:Manufacturer and model of the affected computer
Additional hardware installed
Operating service packs installed
Which product is affected by the vulnerability
Explanation of how Microsoft can duplicate the flaw in its labs
For help reporting e-mail or IM flaws, use the following resources:How to report spam or e-mail abuse
How to report MSN Messenger vulnerabilities
More information from SearchWindowsSecurity.com
Topic: Research Windows product flaws and vulnerabilities
Quiz: Test your knowledge of vulnerability management
Ask the Expert: Send Kevin Beaver your security threats questions today
This was first published in April 2005
Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.