Locations

United StatesChangeAll Microsoft Sites

Search

Print Email Share
Print Email Share

Overview

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services.

If you are a security researcher and believe you have found an issue that meets the definition of a security vulnerability and that is not resolved by the 10 Immutable Laws of Security, please notify us at secure@microsoft.com. Include as many of the below details as possible. This information will help us to better understand the nature and scope of the situation:

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, for example).
  • Product and version that contains the bug.
  • Service packs, security updates, or other updates for the product you have installed.
  • Any special configuration required to reproduce the issue.
  • Step-by-step instructions to reproduce the issue on a fresh install.
  • Proof-of-concept or exploit code.
  • Impact of the issue, including how an attacker could exploit the issue.

To encrypt your message to our PGP key, please download it from the Microsoft Security Response Center PGP Key. You should receive a response within 24 hours. If for some reason you do not, please follow up with us to ensure we received your original message.

For further information, please read the Acknowledgment Policy for Microsoft Security Bulletins.

Was This Information Useful?