| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 27 00:11:11 2005 From: kkadow at gmail.com (Kevin) Subject: How to Report a Security Vulnerability to Microsoft On a related note, today we ran into (headfirst) a bug in Internet Explorer with the processing of a AutoProxy scripts (Proxy Automatic Configuration aka "PAC", a specialized subset of javascript to make client-side web proxy routing decisions). Eventually I isolated the problem to a broken implementation of dnsDomainIs() in Internet Explorer, so I decided to do the right thing and report the bug to Microsoft. This isn't a higly critical security flaw, so I hunted around microsoft.com and eventually found the page on bug reporting: http://support.microsoft.com/gp/contactbug The page states "If you think you have found a bug in a Microsoft product, contact our Microsoft Product Support Services department. (800) MICROSOFT (642-7676)". No email address, no web form, just a phone number. So I call this number, and after five minutes of sitting through IVR menus, I finally reach a live human. She asks for my name and phone number, and as soon as I mention that I am reporting a bug in Internet Explorer, says she will transfer my call. At that point I get fifteen seconds of music on hold, followed by dead air. That was a half hour ago. Kevin Kadow (P.S. Yes, this is definitely a bug in MSIE -- every other browser I've tried handles dnsDomainIs() correctly, the sole exception is MSIE).
Powered by blists - more mailing lists