How to report a vulnerability to Microsoft

If you've discovered a Microsoft product flaw or operating system vulnerability, make sure you report it right away. Here's how.

If you discover a vulnerability in a Windows operating system or application, it's essential that you make Microsoft aware of the weakness before it becomes a serious problem. How do you go about reporting the issue? One CISSP from the Microsoft Security Response Center offers the following advice:

The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we would like to work with you to investigate it.

We are concerned that you might not know the best way to report security vulnerabilities to Microsoft. You can contact the Microsoft Security Response Center to report a vulnerability by e-mailing secure@microsoft.com directly, or you can submit your report via our Web-based vulnerability reporting form.

Be as specific as possible in the report, including an exact description of the vulnerability, what products it affects, steps to reproduce the problem and what the result of a successful exploit may be.

Other information you'll need to report in the form includes:

  • Manufacturer and model of the affected computer
  • Additional hardware installed
  • Operating systems
  • Operating service packs installed
  • Which product is affected by the vulnerability
  • Explanation of how Microsoft can duplicate the flaw in its labs
  • For help reporting e-mail or IM flaws, use the following resources:

  • How to report spam or e-mail abuse
  • How to report MSN Messenger vulnerabilities

  • More information from SearchWindowsSecurity.com

  • Topic: Research Windows product flaws and vulnerabilities
  • Quiz: Test your knowledge of vulnerability management
  • Ask the Expert: Send Kevin Beaver your security threats questions today


  • This was first published in April 2005

    Dig deeper on Network intrusion detection and prevention and malware removal

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close