Full Disclosure mailing list archives
Re: How to Report a Security Vulnerability toMicrosoft
From: "class101 () phreaker net" <class101 () gmail com>
Date: Wed, 27 Apr 2005 15:29:49 +0200
they have pubbed theire contact some days ago: secure () microsoft com Gary O'leary-Steele a écrit :
Hi, Im also trying to report a vulnerability to Microsoft but the site they provide is broken when i fill out and send https://www.microsoft.com/technet/security/bulletin/alertus.aspx I get: We’re sorry, but we were unable to service your request. You may wish to choose from the links below for information about Microsoft products and services. -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Kevin Sent: 27 April 2005 00:11 To: Microsoft Security Response Center Cc: full-disclosure () lists grok org uk; ntbugtraq () listserv ntbugtraq com Subject: Re: [Full-disclosure] How to Report a Security Vulnerability toMicrosoft On a related note, today we ran into (headfirst) a bug in Internet Explorer with the processing of a AutoProxy scripts (Proxy Automatic Configuration aka "PAC", a specialized subset of javascript to make client-side web proxy routing decisions). Eventually I isolated the problem to a broken implementation of dnsDomainIs() in Internet Explorer, so I decided to do the right thing and report the bug to Microsoft. This isn't a higly critical security flaw, so I hunted around microsoft.com and eventually found the page on bug reporting: http://support.microsoft.com/gp/contactbug The page states "If you think you have found a bug in a Microsoft product, contact our Microsoft Product Support Services department. (800) MICROSOFT (642-7676)". No email address, no web form, just a phone number. So I call this number, and after five minutes of sitting through IVR menus, I finally reach a live human. She asks for my name and phone number, and as soon as I mention that I am reporting a bug in Internet Explorer, says she will transfer my call. At that point I get fifteen seconds of music on hold, followed by dead air. That was a half hour ago. Kevin Kadow (P.S. Yes, this is definitely a bug in MSIE -- every other browser I've tried handles dnsDomainIs() correctly, the sole exception is MSIE). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ****************************************************************************************************************************************************************** NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network http://www.sec-1.com/applied_hacking_course.html ****************************************************************************************************************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- How to Report a Security Vulnerability to Microsoft Microsoft Security Response Center (Apr 08)
- Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 08)
- Re: How to Report a Security Vulnerability to Microsoft Micheal Espinola Jr (Apr 08)
- Re: How to Report a Security Vulnerability toMicrosoft Morning Wood (Apr 08)
- RE: How to Report a Security Vulnerability toMicrosoft Randall M (Apr 09)
- Re: How to Report a Security Vulnerability to Microsoft Kevin (Apr 26)
- RE: How to Report a Security Vulnerability toMicrosoft Gary O'leary-Steele (Apr 27)
- Re: How to Report a Security Vulnerability toMicrosoft class101 () phreaker net (Apr 27)
- Re: How to Report a Security Vulnerability toMicrosoft Kevin (Apr 27)
- Questions about reporting a vulnerability xyberpix (Apr 29)
- Re: Questions about reporting a vulnerability Rob (Apr 29)
- Re: Questions about reporting a vulnerability mikx (Apr 29)
- Re: Questions about reporting a vulnerability xyberpix (Apr 29)
- Re: Questions about reporting a vulnerability Morning Wood (Apr 29)
- RE: How to Report a Security Vulnerability toMicrosoft Gary O'leary-Steele (Apr 27)
- Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 08)
- Re: How to Report a Security Vulnerability to Microsoft Tatercrispies (Apr 28)
- Re: How to Report a Security Vulnerability to Microsoft Georgi Guninski (Apr 28)
- Re: How to Report a Security Vulnerability to Microsoft Tatercrispies (Apr 28)