How do I report vulnerabilities in Windows?

0

1

I have been looking for vulnerabilities in Windows 8 and Windows 7, and would like to report them to Microsoft.

Some are extremely important, including one that compromises the user's key store without asking for the admin's password.

How can I report these vulnerabilities to Microsoft?

DividedByZero

Posted 2014-10-30T19:31:40.770

Reputation: 280

Not a duplicate. This is not about bugs but security vulnerabilities. – slhck – 2014-11-01T15:19:00.443

Answers

6

From Report a Computer Security Vulnerability:

If you are a security researcher and believe you have found a security vulnerability that meets the definition of a security vulnerability that is not resolved by the 10 Immutable Laws of Security, please send e-mail to us at secure@microsoft.com with as much of the below information as possible. This information will help us to better understand the nature and scope of the possible issue.

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product and version that contains the bug
  • Service packs, security updates, or other updates for the product you have installed
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue on a fresh install
  • Proof-of-concept or exploit code
  • Impact of the issue, including how an attacker could exploit the issue

slhck

Posted 2014-10-30T19:31:40.770

Reputation: 182 472

Nice. I like Law #9 best. :) – Ƭᴇcʜιᴇ007 – 2014-10-30T21:24:13.633

The article - 10 Immutable Laws of Security - you linked to was most probably the best tech/security article I've ever read. The guy compared software to a sandwich! And bullet 2 from law 3: He could unplug the computer, haul it out of your building, and hold it for ransom. :P – DividedByZero – 2014-11-01T15:11:57.477