How to report bug, issue or vulnerability to Microsoft

Any software can have issues even though they pass through rigorous testing by professionals. The same happens with Windows and any other products developed by Microsoft. The good thing is that Microsoft is open if somebody wants to share their feedback for their software. In this post, we will share how you can report bug, issue or vulnerability to Microsoft.

Just before we start, let’s understand the basic difference between bug, issue or vulnerability.

  1. A bug is when there is a glitch. Sometimes that should not have happened, but happens under some circumstances. You can also call it a flaw in the software which is because of a coding problem.
  2. An issue is where there is no fault of developer all the time. Sometimes the requirement of the final screen or product did not pass through correctly.
  3. A vulnerability means that someone can gain access to your computer or server without permission. This is a high-level issue, and any company will take this seriously, and resolve this at the earliest.

Report bug, issue or vulnerability to Microsoft

Now that we are clear about the terminology, it is wise that these are reported directly to Microsoft. The primary reason that you should always report them to the company is that no one wants a flaw to get used incorrectly. Specially vulnerability.

Report Security Vulnerability

Since this is a high-level threat, Microsoft has put up a piece of advice to help you understand what a Security Vulnerability means. Usually its difficult to find or spot such a problem unless you know a lot about software, and how it may work. Microsoft recommends that if you find one, it is requested to send the report to the Microsoft Security Response Center at secure@microsoft.com.

The reporting also includes attaching some details which can help Microsoft understand the problem better. Here is the list:

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product and version that contains the bug, or URL if for an online service
  • Service packs, security updates, or other updates for the product you have installed
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue on a fresh install
  • Proof-of-concept or exploit code
  • Impact of the issue, including how an attacker could exploit the issue

That said, if you are a tech person who does this often, you can always take part in the Bug Bounty program. You can find more details about the Microsoft Bug Bounty page here. To make sure the effort is worth, you also get rewarded. Make sure to keep checking on the list of Active Bounty Programs.

When reporting, you will have to use the Microsoft Security Response Center PGP Key. A response is sent back from the team. Once Microsoft receives the report, they will follow these processes for all vulnerability reports:

  • Triage your report and determine if they should open a case for a more in-depth investigation.
  • Investigate and take action according to the published servicing criteria.
  • Publicly acknowledge your contribution to protecting the ecosystem when they release a fix.

Report Bugs and Issues

Bugs and Issues are usually safe to post in public. This is where Microsoft asks us to post about it in the Microsoft Community page.  Here you can explain your problem in complete detail, add a screenshot, and let community members help you. Whenever you post something, make sure to choose the correct category.

Apart from MVPs, Microsoft has their own Engineers who keep a tab on the issues. If they find something which is reported by many people, the company may acknowledge, and check on it.

Feedback HUB

After Microsoft started the Windows Insiders Program, they rolled out an inbuilt reporting option. Named as Feedback HUB. It’s pre-installed on your computer.

Launch it and you will see two major options. Report an issue, and Suggest a feature. You can use this to keep a tab on a popular issue, find issues which you have faced, and so on.

How to report bug, issue or vulnerability to Microsoft

The Feedback HUB is so well done, that you do not need to go to any public forum to report issues and bugs. You can search for related issue in the hub, upvote it, and share your solution as well. Many a time a feature is requested so many times, that Microsoft has to think about it. They even make it into next feature update or major upgrade.

It also includes Announcements from Microsoft for new features and major rollouts. You can also use this tool to send out diagnostic data from your computer to Microsoft. This tool will capture your actions on your computer which simulates that problem and then send to Microsoft.

Apart from these, if you have anything to report, issues around your products where you cannot log in issues with a security update. If you need more information take a look at this Microsoft page.

Microsoft does hard work to bring the best experience to Windows, and we will strongly suggest you also report bug, issue or vulnerability to Microsoft when you find it.

Posted by on , in Category General with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Leave a Reply

Your email address will not be published. Required fields are marked *


5 + 2 =