Report a Vulnerability

If you are a security researcher and believe you have found a security vulnerability that meets the definition of a security vulnerability and that is not resolved by the 10 Immutable Laws of Security, please notify us at secure@microsoft.com. Include as many of the below details as possible. This information will help us to better understand the nature and scope of the situation:

• Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.).
• Product and version that contains the bug.
• Service packs, security updates, or other updates for the product you have installed.
• Any special configuration required to reproduce the issue.
• Step-by-step instructions to reproduce the issue on a fresh install.
• Proof-of-concept or exploit code.
• Impact of the issue, including how an attacker could exploit the issue.

To encrypt your message to our PGP key, please download it from the Microsoft Security Response Center PGP Key.

You should receive a response within 24 hours. If for some reason you do not, please follow up with us to ensure we received your original message.

For further information, please read the Acknowledgment Policy for Microsoft Security Bulletins.

If you have found a security vulnerability in any of Microsoft’s online services, please contact us at secure@microsoft.com. We will respond to your submission within 24 hours and start working right away to remediate the vulnerability. To help our engineers identify the problem, please include as much information in your report as possible. For example, include the following:

• Proof-of-concept and/or URL demonstrating the vulnerability.
• Type of issue (cross-site scripting, buffer overflow, SQL injection, etc.).
• Any special configuration required to reproduce the issue.
• Impact of the issue, including how an attacker could exploit the issue.

To encrypt your message to our PGP key, please go to the Microsoft Security Response Center PGP Key and S/MIME Certificate page for further information.

Note: The Microsoft Security Response Center does not provide technical support for Microsoft products.

If you need assistance with something other than reporting a possible security vulnerability, please click the statement below the most closely matches your situation.

Please complete the Passport Support Form on the Helpful Information for Microsoft Passport Network page.

Please complete the Passport Support Form on the Helpful Information for Microsoft Passport Network page.

First, allow your antivirus software to scan and attempt to repair your computer. Next, you might try using the following Microsoft tools:

• Windows Live OneCare
• Windows Live Safety Center
• Windows Defender
• Malicious Software Removal Tool

You should also ensure your computer has all the security updates available at Microsoft Update.

If you continue to have trouble, you can obtain free malware-related support from Microsoft Customer Service and Support by calling +1 866 PC-SAFETY (+1 866 727-2338) in the U.S. and Canada, or at your local international subsidiary.

You can obtain free security-related support from Microsoft Customer Service and Support by calling +1 866 PC-SAFETY (+1 866 727-2338) in the U.S. and Canada, or from your local international subsidiary.

Please contact Microsoft Customer Service and Support. You may also want to post a message on one of our free support newsgroups. See Microsoft Product Support Newsgroups for more information.

Please read How to tell whether a Microsoft security-related e-mail message is genuine.

Please send e-mail to piracy@microsoft.com, or visit the Microsoft Software Piracy Protection site for more information.

To submit a worm, virus, or other malware sample, visit the Microsoft Malware Protection Portal.

Please visit the Contact Us page for more information.

Please submit your thoughts to Contact Us: Questions about Microsoft Products.