If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
To All:
I recently discovered a security vulnerability in WinXP SP2 and IE6. After an EXHAUSTIVE search of the MSKB, I could not find with an article documenting the security flaw that I discovered. I was able to duplicate the problem 3 times and the next day at work I showed it to one of our Windows Sysadmins and we both concluded that I had indeed discovered an undocumented security flaw in WinXP SP2 and IE6. My own background, I have been a scientific programmer in Windows, various UNIX, and (I am really giving away my age here) VAX/VMS environments for over 15 years. Over the years, with one of our scientific software vendors, I have discovered a few bugs that got my name on them. I know that the public-domain Mozilla Organization has a mechanism in place for users to report (and I might add, get rewarded) for turning in newly discovered security vulnerabilities in their public-domain software. As I computer professional, how do I let private-sector Microsoft know that I have discovered an undocumented security vulnerability in WinXP SP2 and IE6 (especially before a hacker exploits it and causes trouble)? Thanks, Steve |
Ads |
#2
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Microsoft Product Feedback
http://register.microsoft.com/mswish/suggestion.asp -- Carey Frisch Microsoft MVP Windows XP - Shell/User Be Smart! Protect Your PC! http://www.microsoft.com/athome/secu...t/default.aspx ---------------------------------------------------------------------------- "Steve H" wrote: | To All: | | I recently discovered a security vulnerability in WinXP SP2 and IE6. | After an EXHAUSTIVE search of the MSKB, I could not find with an article | documenting the security flaw that I discovered. | | I was able to duplicate the problem 3 times and the next day at work I | showed it to one of our Windows Sysadmins and we both concluded that I | had indeed discovered an undocumented security flaw in WinXP SP2 and IE6. | | My own background, I have been a scientific programmer in Windows, | various UNIX, and (I am really giving away my age here) VAX/VMS | environments for over 15 years. Over the years, with one of our | scientific software vendors, I have discovered a few bugs that got my | name on them. | | I know that the public-domain Mozilla Organization has a mechanism in | place for users to report (and I might add, get rewarded) for turning in | newly discovered security vulnerabilities in their public-domain | software. | | As I computer professional, how do I let private-sector Microsoft know | that I have discovered an undocumented security vulnerability in WinXP | SP2 and IE6 (especially before a hacker exploits it and causes trouble)? | | Thanks, | | Steve |
#3
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Carey Frisch [MVP] wrote:
Microsoft Product Feedback http://register.microsoft.com/mswish/suggestion.asp Carey: Thanks for the Re. Microsoft has got to have a better method than that! You mean that they do not have a more DIRECT Point Of Contact DEDICATED to reporting security vulnerabilities? A product feedback form like that could easily result in VERY important information ending up in the "bit bucket". I realize the Microsoft is a much bigger operation than the Mozilla Organization, but one click from the Mozilla home page, I get: http://www.mozilla.org/security/ Report security-related bugs and learn more about how we secure our products: * If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address . Note that your report may be eligible for a reward; see below. * For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs. Steve |
#4
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Carey Frisch [MVP] wrote:
Microsoft Product Feedback http://register.microsoft.com/mswish/suggestion.asp Steve H wrote: Thanks for the Re. Microsoft has got to have a better method than that! You mean that they do not have a more DIRECT Point Of Contact DEDICATED to reporting security vulnerabilities? A product feedback form like that could easily result in VERY important information ending up in the "bit bucket". I realize the Microsoft is a much bigger operation than the Mozilla Organization, but one click from the Mozilla home page, I get: http://www.mozilla.org/security/ Report security-related bugs and learn more about how we secure our products: * If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address . Note that your report may be eligible for a reward; see below. * For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs. Using Microsoft search.. (which should be simpler than finding an unreported vulnerability): https://s.microsoft.com/technet/secu...n/alertus.aspx -- - Shenan - -- The information is provided "as is", it is suggested you research for yourself before you take any advice - you are the one ultimately responsible for your actions/problems/solutions. Know what you are getting into before you jump in with both feet. |
#5
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Shenan Stanley wrote:
Carey Frisch [MVP] wrote: Microsoft Product Feedback http://register.microsoft.com/mswish/suggestion.asp Steve H wrote: Thanks for the Re. Microsoft has got to have a better method than that! You mean that they do not have a more DIRECT Point Of Contact DEDICATED to reporting security vulnerabilities? A product feedback form like that could easily result in VERY important information ending up in the "bit bucket". I realize the Microsoft is a much bigger operation than the Mozilla Organization, but one click from the Mozilla home page, I get: http://www.mozilla.org/security/ Report security-related bugs and learn more about how we secure our products: * If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address . Note that your report may be eligible for a reward; see below. * For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs. Using Microsoft search.. (which should be simpler than finding an unreported vulnerability): https://s.microsoft.com/technet/secu...n/alertus.aspx Shenan Thanks for the much better Re. It is late at night and I am tired so tomorrow when I am more awake, I will respond with the detailed info required for the web page that you sent me. Steve |
#6
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
"Steve H" wrote in message
... ...... Thanks for the much better Re. It is late at night and I am tired so tomorrow when I am more awake, I will respond with the detailed info required for the web page that you sent me. Steve Steve, I assume you mean that you will fill the details into the web page at https://s.microsoft.com/technet/secu...n/alertus.aspx Please do not discuss your potential vulnerability in this pubic newsgroup. -- Regards, Mike -- Mike Brannigan [Microsoft] This posting is provided "AS IS" with no warranties, and confers no rights Please note I cannot respond to e-mailed questions, please use these newsgroups "Steve H" wrote in message ... Shenan Stanley wrote: Carey Frisch [MVP] wrote: Microsoft Product Feedback http://register.microsoft.com/mswish/suggestion.asp Steve H wrote: Thanks for the Re. Microsoft has got to have a better method than that! You mean that they do not have a more DIRECT Point Of Contact DEDICATED to reporting security vulnerabilities? A product feedback form like that could easily result in VERY important information ending up in the "bit bucket". I realize the Microsoft is a much bigger operation than the Mozilla Organization, but one click from the Mozilla home page, I get: http://www.mozilla.org/security/ Report security-related bugs and learn more about how we secure our products: * If you believe that you've found a Mozilla-related security vulnerability, please report it by sending email to the address . Note that your report may be eligible for a reward; see below. * For more information on how to report security vulnerabilities and how the Mozilla community will respond to such reports, see our policy for handling security bugs. Using Microsoft search.. (which should be simpler than finding an unreported vulnerability): https://s.microsoft.com/technet/secu...n/alertus.aspx Shenan Thanks for the much better Re. It is late at night and I am tired so tomorrow when I am more awake, I will respond with the detailed info required for the web page that you sent me. Steve |
#7
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Mike Brannigan [MSFT] wrote:
"Steve H" wrote in message ... ..... Thanks for the much better Re. It is late at night and I am tired so tomorrow when I am more awake, I will respond with the detailed info required for the web page that you sent me. Steve Steve, I assume you mean that you will fill the details into the web page at https://s.microsoft.com/technet/secu...n/alertus.aspx Please do not discuss your potential vulnerability in this pubic newsgroup. Mike: What and let a potential hacker read about this vulnerability on a public forum before Microsoft can address it! Steve |
#8
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Mike Brannigan [MSFT] wrote:
"Steve H" wrote in message ... ..... Thanks for the much better Re. It is late at night and I am tired so tomorrow when I am more awake, I will respond with the detailed info required for the web page that you sent me. Steve Steve, I assume you mean that you will fill the details into the web page at https://s.microsoft.com/technet/secu...n/alertus.aspx Please do not discuss your potential vulnerability in this pubic newsgroup. Mike: What and let a potential hacker read about this vulnerability on a public forum before Microsoft can address it! Steve |
#9
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Hi Steve,
I have forwarded your post to a MS security unit. I expect they'll contact you by email. Ron Chamberlin MS-MVP "Steve H" wrote in message ... To All: I recently discovered a security vulnerability in WinXP SP2 and IE6. After an EXHAUSTIVE search of the MSKB, I could not find with an article documenting the security flaw that I discovered. I was able to duplicate the problem 3 times and the next day at work I showed it to one of our Windows Sysadmins and we both concluded that I had indeed discovered an undocumented security flaw in WinXP SP2 and IE6. My own background, I have been a scientific programmer in Windows, various UNIX, and (I am really giving away my age here) VAX/VMS environments for over 15 years. Over the years, with one of our scientific software vendors, I have discovered a few bugs that got my name on them. I know that the public-domain Mozilla Organization has a mechanism in place for users to report (and I might add, get rewarded) for turning in newly discovered security vulnerabilities in their public-domain software. As I computer professional, how do I let private-sector Microsoft know that I have discovered an undocumented security vulnerability in WinXP SP2 and IE6 (especially before a hacker exploits it and causes trouble)? Thanks, Steve |
#10
|
|||
|
|||
Discovered Security Vunerability in WinXP SP2
Ron:
Thanks for the Re. I am not used to top-posting in NG's. My email address is munged so if you forwarded my post to MS security, then how will MS contact me? I reviewed the on-line form at https://s.microsoft.com/technet/secu...n/alertus.aspx that Mike Brannigan [Microsoft] directed me to. I had a very hard day at work today, so I was too tired when I got home to compose a concise description of the security vulnerability to fit into this form. I have one other important computer-related task at home that I did not get done today either, so I will try to get the form completed for MS either Wednesday or Thursday night. In the meantime, I am silent about the security vulnerability. Steve Ron Chamberlin wrote: Hi Steve, I have forwarded your post to a MS security unit. I expect they'll contact you by email. Ron Chamberlin MS-MVP "Steve H" wrote in message ... To All: I recently discovered a security vulnerability in WinXP SP2 and IE6. After an EXHAUSTIVE search of the MSKB, I could not find with an article documenting the security flaw that I discovered. I was able to duplicate the problem 3 times and the next day at work I showed it to one of our Windows Sysadmins and we both concluded that I had indeed discovered an undocumented security flaw in WinXP SP2 and IE6. My own background, I have been a scientific programmer in Windows, various UNIX, and (I am really giving away my age here) VAX/VMS environments for over 15 years. Over the years, with one of our scientific software vendors, I have discovered a few bugs that got my name on them. I know that the public-domain Mozilla Organization has a mechanism in place for users to report (and I might add, get rewarded) for turning in newly discovered security vulnerabilities in their public-domain software. As I computer professional, how do I let private-sector Microsoft know that I have discovered an undocumented security vulnerability in WinXP SP2 and IE6 (especially before a hacker exploits it and causes trouble)? Thanks, Steve |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WinXP SP2 and ZoneAlarm | Steve | Windows Service Pack 2 | 9 | September 7th 04 04:57 PM |
WinXP SP2 and ZoneAlarm | Steve | Windows Service Pack 2 | 9 | September 7th 04 04:57 PM |
WinXP SP2 and ZoneAlarm Firewall | Steve | Windows Service Pack 2 | 2 | September 5th 04 12:27 AM |
WinXP SP2 and ZoneAlarm Firewall | Steve | Windows Service Pack 2 | 3 | September 5th 04 12:27 AM |
WinXP SP2 and ZoneAlarm Firewall | Steve | Windows Service Pack 2 | 2 | September 5th 04 12:27 AM |