See http://www.mckeay.net/secure/archives/000422.html
An email to secure@microsoft.com should do the trick.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf
Of Gary O'leary-Steele
Sent: 27 April 2005 14:16
To: full-disclosure@lists.grok.org.uk
Subject: RE: [Full-disclosure] How to Report a Security
Vulnerability toMicrosoft
Hi,
Im also trying to report a vulnerability to Microsoft but the
site they provide is broken
when i fill out and send
https://www.microsoft.com/technet/security/bulletin/alertus.aspx
I get:
We're sorry, but we were unable to service your request. You
may wish to choose from the links below for information about
Microsoft products and services.
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk]On Behalf Of Kevin
Sent: 27 April 2005 00:11
To: Microsoft Security Response Center
Cc: full-disclosure@lists.grok.org.uk;
ntbugtraq@listserv.ntbugtraq.com
Subject: Re: [Full-disclosure] How to Report a Security
Vulnerability toMicrosoft
On a related note, today we ran into (headfirst) a bug in
Internet Explorer with the processing of a AutoProxy scripts
(Proxy Automatic Configuration aka "PAC", a specialized
subset of javascript to make client-side web proxy routing decisions).
Eventually I isolated the problem to a broken implementation of
dnsDomainIs() in Internet Explorer, so I decided to do the
right thing and report the bug to Microsoft. This isn't a
higly critical security flaw, so I hunted around
microsoft.com and eventually found the page on bug reporting:
http://support.microsoft.com/gp/contactbug
The page states "If you think you have found a bug in a
Microsoft product, contact our Microsoft Product Support
Services department.
(800) MICROSOFT (642-7676)". No email address, no web form,
just a phone number.
So I call this number, and after five minutes of sitting
through IVR menus, I finally reach a live human. She asks
for my name and phone number, and as soon as I mention that I
am reporting a bug in Internet Explorer, says she will
transfer my call.
At that point I get fifteen seconds of music on hold,
followed by dead air. That was a half hour ago.
Kevin Kadow
(P.S. Yes, this is definitely a bug in MSIE -- every other
browser I've tried handles dnsDomainIs() correctly, the sole
exception is MSIE).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
**************************************************************
**************************************************************
**************************************
NEW: Sec-1 Hacking Training - Learn to breach network
security to further your knowledge and protect your network
http://www.sec-1.com/applied_hacking_course.html
**************************************************************
**************************************************************
**************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
