Report a Security Vulnerability
The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products and services. If you are a security researcher and believe you have found a Microsoft security vulnerability, we would like to work with you to investigate it.
If you are a security researcher and believe you have found a security vulnerability that meets the definition of a security vulnerability that is not resolved by the 10 Immutable Laws of Security, please send e-mail to us at [email protected] with as much of the below information as possible. This information will help us to better understand the nature and scope of the possible issue.
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the bug
- Service packs, security updates, or other updates for the product you have installed
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue on a fresh install
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
To encrypt your message to our PGP key, please download it from the Microsoft Security Response Center PGP Key.
You should receive a response within 24 hours. If for some reason you do not, please follow up with us to ensure we received your original message.
For further information, please visit the Microsoft Security Response Policy and Practices page and read the Acknowledgment Policy for Microsoft Security Bulletins.
.gif){kind=icon}
If you have found a security vulnerability in any of Microsoft’s online services, please send e-mail to [email protected]. We will respond to your submission within 24 hours and start working right away to remediate the vulnerability. To help our engineers identify the potential vulnerability, please include as much information in your report as possible. For example, include the following:
- Proof-of-concept and/or URL demonstrating the vulnerability
- Type of issue (cross-site scripting, buffer overflow, SQL injection, etc.)
- Any special configuration required to reproduce the issue
- Impact of the issue, including how an attacker could exploit the issue
To encrypt your message to our PGP key, please go to the Microsoft Security Response Center PGP Key and S/MIME Certificate page for further information.
Please note that the Microsoft Security Response Center does not provide technical support for Microsoft products. If you need assistance with something other than reporting a possible security vulnerability, please see the statement below that most closely matches your situation and expand the statement for next steps.
As a first step, you should allow your antivirus software to scan and attempt to repair your computer. Additionally, you may want to try the following Microsoft tools:
You should also ensure your computer has all the security updates available at Microsoft Update.
If you continue to have trouble, you can find additional support options here.
You can obtain security-related support from Microsoft Product Support Services by calling +1 (866) PC-SAFETY (+1 (866) 727-2338) in the U.S. and Canada, or at your local international subsidiary.
Please contact Microsoft Product Support Services. You may also want to browse questions and answers in a relevant forum, or ask your own question. See the Forums home page.
Please send e-mail to [email protected], or visit the Microsoft Software Piracy Protection site for more information.
Please send your virus, worm, or trojan horse submission to [email protected]. Send your spyware or other malware submission to [email protected].
.png)
