Skip to main content

Report a Computer Security Vulnerability

The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products and services. If you are a security researcher and believe you have found a Microsoft security vulnerability, we would like to work with you to investigate it.

I need to report a possible security vulnerability to Microsoft.

If you are a security researcher and believe you have found a security vulnerability that meets the definition of a security vulnerability that is not resolved by the 10 Immutable Laws of Security, please send e-mail to us at with as much of the below information as possible. This information will help us to better understand the nature and scope of the possible issue.

  • Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
  • Product and version that contains the bug
  • Service packs, security updates, or other updates for the product you have installed
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue on a fresh install
  • Proof-of-concept or exploit code
  • Impact of the issue, including how an attacker could exploit the issue

To encrypt your message to our PGP key, please download it from the Microsoft Security Response Center PGP Key.

You should receive a response within 24 hours. If for some reason you do not, please follow up with us to ensure we received your original message.

For further information, please visit the Microsoft Security Response Policy and Practices page and read the Acknowledgment Policy for Microsoft Security Bulletins.



I would like to report a security vulnerability in an online service to Microsoft Online Services.

If you have found a security vulnerability in any of Microsoft’s online services, please send e-mail to You should receive a response to your submission within 24 hours and we will start working right away to remediate the vulnerability. To help our engineers identify the potential vulnerability, please include as much information in your report as possible. For example, include the following:

  • Proof-of-concept and/or URL demonstrating the vulnerability
  • Type of issue (cross-site scripting, buffer overflow, SQL injection, etc.)
  • Any special configuration required to reproduce the issue
  • Impact of the issue, including how an attacker could exploit the issue

To encrypt your message to our PGP key, please go to the Microsoft Security Response Center PGP Key and S/MIME Certificate page for further information.

Please note that the Microsoft Security Response Center does not provide technical support for Microsoft products. If you need assistance with something other than reporting a possible security vulnerability, please see the statement below that most closely matches your situation and expand the statement for next steps.



I believe my computer has been attacked or has a virus, worm, trojan horse, spyware, or other malware.

If your computer is showing symptoms of spyware, viruses, or other unwanted software, you should first let your antivirus software scan your computer and try to fix the problem.

Additionally, you may want to try the following Microsoft tools:

Learn how to remove and avoid viruses, spyware, and other malware.

You should also ensure that your computer has all the latest security updates from Microsoft Update, and that you are getting security updates automatically.

If you continue to have trouble, you can find additional support options by visiting the Virus and Security Solution Center.



I am having trouble installing a Microsoft security update, or I experienced issues after installing a Microsoft security update.

If you’re having issues with Microsoft security updates, you can first try troubleshooting problems with installing updates. You can also visit the Microsoft Support site to find fixes for Windows Update issues.

If you have general questions about installing updates, you can find answers to frequently asked questions about Microsoft security updates. And if you want technical information about security updates, you can read the latest Microsoft Security Bulletins and the Security Response Center blog.



I am experiencing technical issues with a Microsoft product.

To find the appropriate support information for your location, visit Microsoft Product Support Services.

See the Forums home page on TechNet to browse questions and answers, or ask your own question.



I need to verify whether an e-mail purportedly from Microsoft is genuine.

Cybercriminals often use phishing email messages to try to steal personal information. Learn how to recognize what a phishing email message looks like and how to avoid scams that use the Microsoft name fraudulently.

To learn about the latest scams, browse through the Security Tips & Talk blog posts.

If you think you’ve been the victim of a scam, find out how you can report it and protect yourself in the future.



I want to submit a malware sample to Microsoft.

Please send your virus, worm, or trojan horse submission to Send your spyware or other malware submission to



I would like to offer general feedback on a Microsoft product.

Please submit your thoughts at Contact Us: Questions About Microsoft Products.