G
Guest
Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
To All:
I recently discovered a security vulnerability in WinXP SP2 and IE6.
After an EXHAUSTIVE search of the MSKB, I could not find with an article
documenting the security flaw that I discovered.
I was able to duplicate the problem 3 times and the next day at work I
showed it to one of our Windows Sysadmins and we both concluded that I
had indeed discovered an undocumented security flaw in WinXP SP2 and IE6.
My own background, I have been a scientific programmer in Windows,
various UNIX, and (I am really giving away my age here) VAX/VMS
environments for over 15 years. Over the years, with one of our
scientific software vendors, I have discovered a few bugs that got my
name on them.
I know that the public-domain Mozilla Organization has a mechanism in
place for users to report (and I might add, get rewarded) for turning in
newly discovered security vulnerabilities in their public-domain
software.
As I computer professional, how do I let private-sector Microsoft know
that I have discovered an undocumented security vulnerability in WinXP
SP2 and IE6 (especially before a hacker exploits it and causes trouble)?
Thanks,
Steve
To All:
I recently discovered a security vulnerability in WinXP SP2 and IE6.
After an EXHAUSTIVE search of the MSKB, I could not find with an article
documenting the security flaw that I discovered.
I was able to duplicate the problem 3 times and the next day at work I
showed it to one of our Windows Sysadmins and we both concluded that I
had indeed discovered an undocumented security flaw in WinXP SP2 and IE6.
My own background, I have been a scientific programmer in Windows,
various UNIX, and (I am really giving away my age here) VAX/VMS
environments for over 15 years. Over the years, with one of our
scientific software vendors, I have discovered a few bugs that got my
name on them.
I know that the public-domain Mozilla Organization has a mechanism in
place for users to report (and I might add, get rewarded) for turning in
newly discovered security vulnerabilities in their public-domain
software.
As I computer professional, how do I let private-sector Microsoft know
that I have discovered an undocumented security vulnerability in WinXP
SP2 and IE6 (especially before a hacker exploits it and causes trouble)?
Thanks,
Steve