How to report a vulnerability to Microsoft

If you've discovered a Microsoft product flaw or operating system vulnerability, make sure you report it right away. Here's how.

Robyn Lorusso

Published: 12 Apr 2005

If you discover a vulnerability in a Windows operating system or application, it's essential that you make Microsoft aware of the weakness before it becomes a serious problem. How do you go about reporting the issue? One CISSP from the Microsoft Security Response Center offers the following advice:

The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we would like to work with you to investigate it.

We are concerned that you might not know the best way to report security vulnerabilities to Microsoft. You can contact the Microsoft Security Response Center to report a vulnerability by e-mailing secure@microsoft.com directly, or you can submit your report via our Web-based vulnerability reporting form.

Be as specific as possible in the report, including an exact description of the vulnerability, what products it affects, steps to reproduce the problem and what the result of a successful exploit may be.

Other information you'll need to report in the form includes:

Manufacturer and model of the affected computer

Additional hardware installed

Operating systems

Operating service packs installed

Which product is affected by the vulnerability

Explanation of how Microsoft can duplicate the flaw in its labs

For help reporting e-mail or IM flaws, use the following resources:

How to report spam or e-mail abuse

How to report MSN Messenger vulnerabilities

More information from SearchWindowsSecurity.com

Topic: Research Windows product flaws and vulnerabilities

Quiz: Test your knowledge of vulnerability management

Ask the Expert: Send Kevin Beaver your security threats questions today

Dig Deeper on Network intrusion detection and prevention and malware removal

Microsoft delivers seven security fixes for Windows Server, Windows Microsoft kicks off another year of bug squashing, delivering seven security bulletins to seal holes in Windows Server 2008 R2 and desktop versions of Windows.

Microsoft Patch Tuesday: Critical Internet Explorer, Windows DNS updates Coding errors could enable attackers to target Windows machines remotely, gain access to sensitive data and gain complete control of a victim’s computer.

Microsoft fixes Bluetooth vulnerability, Windows kernel flaws ahead of Black Hat 2011 Microsoft repaired a critical Bluetooth vulnerability and fixed more than 20 other flaws as part of its July security updates.

Microsoft investigates Internet Explorer CSS bug A flaw in Internet Explorer 8 can enable an attacker to steal data or force the victim to post to Twitter or other social networks.

Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS A Server Message Block (SMB) flaw in Microsoft's latest OS can be remotely exploited by an attacker to cause Windows 7 machines to stop responding.

Microsoft fixes security update that breaks Internet Explorer An update released Monday corrects two issues that affect the proper display of Web pages.

How to report a vulnerability to Microsoft

If you've discovered a Microsoft product flaw or operating system vulnerability, make sure you report it right away. Here's how.

Dig Deeper on Network intrusion detection and prevention and malware removal

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

Compare offerings from 3 major desktop-as-a-service providers

How to use VMware Horizon Performance Tracker

10 Microsoft Ignite 2019 sessions for VDI admins

SearchWindowsServer

Azure Bastion brings convenience, security to VM management

Microsoft closes IE zero-day on November Patch Tuesday

How to lock down rising Office 365 costs

Dig Deeper on Network intrusion detection and prevention and malware removal

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.