How to report a vulnerability to Microsoft

If you've discovered a Microsoft product flaw or operating system vulnerability, make sure you report it right away. Here's how.

Robyn Lorusso

Published: 12 Apr 2005

If you discover a vulnerability in a Windows operating system or application, it's essential that you make Microsoft aware of the weakness before it becomes a serious problem. How do you go about reporting the issue? One CISSP from the Microsoft Security Response Center offers the following advice:

The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we would like to work with you to investigate it.

We are concerned that you might not know the best way to report security vulnerabilities to Microsoft. You can contact the Microsoft Security Response Center to report a vulnerability by e-mailing secure@microsoft.com directly, or you can submit your report via our Web-based vulnerability reporting form.

Be as specific as possible in the report, including an exact description of the vulnerability, what products it affects, steps to reproduce the problem and what the result of a successful exploit may be.

Other information you'll need to report in the form includes:

Manufacturer and model of the affected computer

Additional hardware installed

Operating systems

Operating service packs installed

Which product is affected by the vulnerability

Explanation of how Microsoft can duplicate the flaw in its labs

For help reporting e-mail or IM flaws, use the following resources:

How to report spam or e-mail abuse

How to report MSN Messenger vulnerabilities

More information from SearchWindowsSecurity.com

Topic: Research Windows product flaws and vulnerabilities

Quiz: Test your knowledge of vulnerability management

Ask the Expert: Send Kevin Beaver your security threats questions today

How to report a vulnerability to Microsoft

If you've discovered a Microsoft product flaw or operating system vulnerability, make sure you report it right away. Here's how.

Dig Deeper on Network intrusion detection and prevention and malware removal

Microsoft delivers seven security fixes for Windows Server, Windows

Microsoft Patch Tuesday: Critical Internet Explorer, Windows DNS updates

Microsoft fixes Bluetooth vulnerability, Windows kernel flaws ahead of Black Hat 2011

Microsoft investigates Internet Explorer CSS bug

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchVirtualDesktop

5 common Citrix printing issues and how to troubleshoot them

Citrix's performance analytics service gets granular

Citrix ADC vulnerability discovered, temporary fix released

SearchWindowsServer

Battle lines over Windows Server 2008 migration drawn

Build a PowerShell logging function for troubleshooting

January Patch Tuesday fixes cryptography bug found by NSA