| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 27 14:28:51 2005 From: prandal at herefordshire.gov.uk (Randal, Phil) Subject: How to Report a Security Vulnerability toMi crosoft See http://www.mckeay.net/secure/archives/000422.html An email to secure@...rosoft.com should do the trick. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf > Of Gary O'leary-Steele > Sent: 27 April 2005 14:16 > To: full-disclosure@...ts.grok.org.uk > Subject: RE: [Full-disclosure] How to Report a Security > Vulnerability toMicrosoft > > Hi, > > Im also trying to report a vulnerability to Microsoft but the > site they provide is broken > > when i fill out and send > > https://www.microsoft.com/technet/security/bulletin/alertus.aspx > > I get: > > We're sorry, but we were unable to service your request. You > may wish to choose from the links below for information about > Microsoft products and services. > > > > > > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Kevin > Sent: 27 April 2005 00:11 > To: Microsoft Security Response Center > Cc: full-disclosure@...ts.grok.org.uk; > ntbugtraq@...tserv.ntbugtraq.com > Subject: Re: [Full-disclosure] How to Report a Security > Vulnerability toMicrosoft > > > On a related note, today we ran into (headfirst) a bug in > Internet Explorer with the processing of a AutoProxy scripts > (Proxy Automatic Configuration aka "PAC", a specialized > subset of javascript to make client-side web proxy routing decisions). > > Eventually I isolated the problem to a broken implementation of > dnsDomainIs() in Internet Explorer, so I decided to do the > right thing and report the bug to Microsoft. This isn't a > higly critical security flaw, so I hunted around > microsoft.com and eventually found the page on bug reporting: > http://support.microsoft.com/gp/contactbug > > The page states "If you think you have found a bug in a > Microsoft product, contact our Microsoft Product Support > Services department. > (800) MICROSOFT (642-7676)". No email address, no web form, > just a phone number. > > So I call this number, and after five minutes of sitting > through IVR menus, I finally reach a live human. She asks > for my name and phone number, and as soon as I mention that I > am reporting a bug in Internet Explorer, says she will > transfer my call. > > At that point I get fifteen seconds of music on hold, > followed by dead air. That was a half hour ago. > > > Kevin Kadow > > (P.S. Yes, this is definitely a bug in MSIE -- every other > browser I've tried handles dnsDomainIs() correctly, the sole > exception is MSIE). > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > ************************************************************** > ************************************************************** > ************************************** > NEW: Sec-1 Hacking Training - Learn to breach network > security to further your knowledge and protect your network > http://www.sec-1.com/applied_hacking_course.html > ************************************************************** > ************************************************************** > ************************************** > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists