Re: How to Report a Security Vulnerability toMicrosoft

["class101 () phreaker net" <class101 () gmail com>]

they have pubbed theire contact some days ago: secure () microsoft com

Gary O'leary-Steele a écrit :

> Hi,
>
> Im also trying to report a vulnerability to Microsoft but the site they
> provide is broken
>
> when i fill out and send
>
> https://www.microsoft.com/technet/security/bulletin/alertus.aspx
>
> I get:
>
> We’re sorry, but we were unable to service your request. You may wish to
> choose from the links below for information about Microsoft products and
> services.
>
>
>
>
>
> -----Original Message-----
> From: full-disclosure-bounces () lists grok org uk
> [mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Kevin
> Sent: 27 April 2005 00:11
> To: Microsoft Security Response Center
> Cc: full-disclosure () lists grok org uk; ntbugtraq () listserv ntbugtraq com
> Subject: Re: [Full-disclosure] How to Report a Security Vulnerability
> toMicrosoft
>
>
> On a related note, today we ran into (headfirst) a bug in Internet
> Explorer with the processing of a AutoProxy scripts (Proxy Automatic
> Configuration aka "PAC", a specialized subset of javascript to make
> client-side web proxy routing decisions).
>
> Eventually I isolated the problem to a broken implementation of
> dnsDomainIs() in Internet Explorer, so I decided to do the right thing
> and report the bug to Microsoft.  This isn't a higly critical security
> flaw, so I hunted around microsoft.com and eventually found the page
> on bug reporting:  http://support.microsoft.com/gp/contactbug
>
> The page states "If you think you have found a bug in a Microsoft
> product, contact our Microsoft Product Support Services department.
> (800) MICROSOFT (642-7676)".  No email address, no web form, just a
> phone number.
>
> So I call this number, and after five minutes of sitting through IVR
> menus, I finally reach a live human.  She asks for my name and phone
> number, and as soon as I mention that I am reporting a bug in Internet
> Explorer, says she will transfer my call.
>
> At that point I get fifteen seconds of music on hold, followed by dead
> air.  That was a half hour ago.
>
>
> Kevin Kadow
>
> (P.S. Yes, this is definitely a bug in MSIE -- every other browser
> I've tried handles dnsDomainIs() correctly, the sole exception is
> MSIE).
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ******************************************************************************************************************************************************************
> NEW: Sec-1 Hacking Training - Learn to breach network security to further your knowledge and protect your network 
> http://www.sec-1.com/applied_hacking_course.html
> ******************************************************************************************************************************************************************
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>  
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/