How to report Bug, Issue or Vulnerability to Microsoft

Any software can have issues even though it passes through rigorous professional testing. The same happens with Windows and any other products developed by Microsoft. The good thing is that Microsoft is open if somebody wants to share feedback on their software. This post will share how you can report a bug, issue, or vulnerability to Microsoft.

Before starting, let’s understand the basic difference between bug, issue, or vulnerability.

1. A bug is when there is a glitch. Sometimes that should not have happened, but happens under some circumstances. You can also call it a flaw in the software which is because of a coding problem.
2. An issue is where there is no fault of the developer all the time. Sometimes the requirement of the final screen or product did not pass through correctly.
3. A vulnerability means that someone can gain access to your computer or server without permission. This is a high-level issue, and any company will take this seriously, and resolve this at the earliest.

Report Bug, Issue or Vulnerability to Microsoft

Now that we are clear about the terminology, it is wise that these are reported directly to Microsoft. The primary reason that you should always report them to the company is that no one wants a flaw to get used incorrectly. Specially vulnerability.

Report Security Vulnerability to Microsoft

Since this is a high-level threat, Microsoft has put up a piece of advice to help you understand what Security Vulnerability means. Usually, it’s difficult to find or spot such a problem unless you know a lot about software and how it may work. Microsoft recommends that if you find one, it is requested to send the report to the Microsoft Security Response Center at secure@microsoft.com.

The reporting also includes attaching details that can help Microsoft understand the problem better. Here is the list:

• Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
• Product and version that contains the bug, or URL if for an online service
• Service packs, security updates, or other updates for the product you have installed
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue on a fresh install
• Proof-of-concept or exploit code
• Impact of the issue, including how an attacker could exploit the issue

You can also here at msrc.microsoft.com.

Microsoft Bug Bounty program

That said, if you are a tech person who does this often, you can always take part in the Bug Bounty program. You can find more details about the Microsoft Bug Bounty page here. To make sure the effort is worth it, you also get rewarded. Make sure to keep checking on the list of Active Bounty Programs.

When reporting, you will have to use the Microsoft Security Response Center PGP Key. A response is sent back from the team. Once Microsoft receives the report, they will follow these processes for all vulnerability reports:

• Triage your report and determine if they should open a case for a more in-depth investigation.
• Investigate and take action according to the published servicing criteria.
• Publicly acknowledge your contribution to protecting the ecosystem when they release a fix.

Report Bugs and Issues to Microsoft

Bugs and Issues are usually safe to post in public. This is where Microsoft asks us to post about it on the Microsoft Community page – http://support.microsoft.com/gp/contactbug/.

You can explain your problem in complete detail, add a screenshot, and let community members help you. Whenever you post something, make sure to choose the correct category.

Apart from MVPs, Microsoft has its own Engineers who keep a tab on the issues. If they find something which is reported by many people, the company may acknowledge, and check on it.

Feedback HUB

After Microsoft started the Windows Insiders Program, they rolled out an inbuilt reporting option. Named as Feedback HUB. It’s pre-installed on your computer.

Launch it and you will see two major options. Report an issue, and Suggest a feature. You can use this to keep a tab on a popular issue, find issues that you have faced, and so on.

The Feedback HUB is so well done that you do not need to go to any public forum to report issues and bugs. You can search for related issues in the hub, upvote them, and share your solution as well. Many a feature is requested so many times that Microsoft has to think about it. They even make it into the next feature update or major upgrade.

It also includes Announcements from Microsoft for new features and major rollouts. You can also use this tool to send out diagnostic data from your computer to Microsoft. This tool will capture your actions on your computer which simulates that problem and then send it to Microsoft.

Read: How to send Feedback or Complain about Windows 11 to Microsoft.

Report Windows Activation errors

If your Windows 11/10 is genuine, but you still receive errors relating to a non-genuine software, you can follow up by using the steps below.

1. Open Administrator command prompt then paste the code below and hit Enter

Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

1. Copy the result and upload to One Drive, then locate the txt file Windows created on your desktop then upload both to One Drive
2. Go to the Microsoft Product Activation Call Center and lay your report.

Apart from these, if you have anything to report, issues around your products where you cannot log in issues with a security update. If you need more information take a look at this Microsoft page.

Microsoft does hard work to bring the best experience to Windows, and we will strongly suggest you also report bugs, issues or vulnerabilities to Microsoft when you find them.