Skip to main content


Update Lifecycle

The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services.

Security Update Lifecycle

The MSRC monitors and manages more than 100,000 vulnerability reports from customers and is connected with a worldwide network of security researchers and partners that closely monitors security news lists and public forums.

Report a Vulnerability

App Management

Report a VulnerabilityApp management image 
If you believe you have found a Microsoft security vulnerability, we would like to work with you to investigate it…Microsoft has announced a new policy to help ensure the security of apps that are available through the Windows Store, Windows Phone Store, Office Store, and Azure Marketplace… 

Software & Services Incident Response Plan

The MSRC uses Microsoft's worldwide Software & Services Incident Response Plan (SSIRP) to help quickly investigate, analyze, and resolve security incidents that warrant an update.


The MSRC and its partners are always on the alert for threats.

Alert and Mobilize Resources

When a threat is identified, engineers and communications professionals are paged and mobilized.


The engineering team investigates the issue and works with the communications team to develop guidance for customers nd partners.

Stablize and Recover

The communication team provides guidance to customers, while the engineering team develops the solution.


The MSRC provides tools and solutions, and the Watch phase resumes.