The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products and services. If you are a security researcher and believe you have found a Microsoft security vulnerability, we would like to work with you to investigate it.

Please note that the Microsoft Security Response Center does not provide technical support for Microsoft products. If you need assistance with something other than reporting a possible security vulnerability, please see the statement below that most closely matches your situation and expand the statement for next steps.

If you believe you have found a security vulnerability that meets Microsoft's definition of a security vulnerability, please submit the report to MSRC at Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue. If the vulnerability you are reporting is from a penetration test, please work through your Microsoft Customer Support Services team who can help interpret the report and suggest remediations.  If the report contains a novel security vulnerability, the Customer Support Services team can help connect you with MSRC or you can report that directly.
  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product and version that contains the bug, or URL if for an online service
  • Service packs, security updates, or other updates for the product you have installed
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue on a fresh install
  • Proof-of-concept or exploit code
  • Impact of the issue, including how an attacker could exploit the issue
This information will help us triage the report more quickly. If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our Microsoft Bug Bounty page for more details about our active programs.
To encrypt your message with our PGP key, please download it from the Microsoft Security Response Center PGP Key page.
You should receive a response from our team within 24 hours. If you don’t hear from us, please follow up to confirm we received your original message.  
The Microsoft Security Response Center follows these processes for all vulnerability reports: 
  • Triage your report and determine if we should open a case for a more in-depth investigation.  
  • Investigate and take action according to our published servicing criteria.  
  • Publicly acknowledge your contribution to protecting the ecosystem when we release a fix. 
Microsoft follows Coordinated Vulnerability Disclosure (CVD) and, to protect the ecosystem, we request that those reporting to us do the same.

If your account has been compromised, you can take action to recover your account and prevent it from being hacked again.

Visit the Windows Support site to learn how to handle forgotten passwords and other sign-in problems.

If your computer is showing symptoms of spyware, viruses, or other unwanted software, you should first let your antivirus software scan your computer and try to fix the problem.

You should also ensure that your computer has all the latest security updates from Microsoft Update, and that you are getting security updates automatically.

If you continue to have trouble, you can find additional support options by visiting the Virus and Security Solution Center.

If you’re having issues with Microsoft security updates, you can visit the Microsoft Support site to find fixes for Windows Update issues, or contact Microsoft customer support.

If you need technical information about security updates, please refer to the Security Update Guide, where you can search for information about a specific update or filter by release date and/or product range.

To find the appropriate support information for your location, visit Microsoft Product Support Services.

See the Forums home page on TechNet to browse questions and answers, or ask your own question.

Cybercriminals often use phishing email messages to try to steal personal information. Learn how to recognize what a phishing email message looks like and how to avoid scams that use the Microsoft name fraudulently.

To learn about the latest scams, browse through the Security Tips & Talk blog posts.

If you think you’ve been the victim of a scam, find out how you can report it and protect yourself in the future.

Please send e-mail to, or visit the Microsoft Software Piracy Protection site for more information.

Please send your virus, worm, or trojan horse submission to Send your spyware or other malware submission to

Please visit the Microsoft Support page for more information.

Please submit your thoughts at Contact Us: Questions About Microsoft Products.