Why do you people insist on using such an unobvious address? Do you have a catch-all in place? secure@microsoft.com is a whimsical address almost as silly as designating "abuse@microsoft.com" to "badstuff@microsoft.com". If check where those people you heard saying they tried to contact you tried first, you would see that the first and most logical address would be security@microsoft.com I really do hope you have that address monitored as well, because as long as you are in existence, people will not learn what the correct address is and where to burrow down on your site to make submissions. Can you confirm that this address security@microsoft.com is being monitored as well. /.../.../.../.../.../.../.../.../.../.../.../ Microsoft Security Response Center: Periodically we hear people say they tried to contact Microsoft about a product or service vulnerability and that Microsoft didn't respond. We are concerned that people may not know how to report security vulnerabilities to Microsoft. The Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products. If you believe you have found a security vulnerability affecting a Microsoft product, we'd like to work with you to investigate it. You can contact the Microsoft Security Response Center by emailing secure@microsoft.com directly, or you can submit your report via our web-based vulnerability reporting form located at https://www.microsoft.com/technet/treeview/default.asp?url=/technet/se curity/bulletin/alertus.asp. Sincerely, Microsoft Security Response Center /.../.../.../.../.../.../.../.../.../.../.../ Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
