RE: How do I report a security flaw in SUS product

From: Michael Laing [MS] (
Date: 11/13/02

From: (Michael Laing [MS])
Date: Wed, 13 Nov 2002 01:05:29 GMT

Microsoft has an official process for investigating possible security
vulnerabilities. Please send as much information as you have regarding the
possible vulnerability to Microsoft will respond to
you within 24 hours and will open an investigation based on the information
you provide.


Michael Laing
Microsoft Developer Support
Internet Information Server

>>Please do not send email directly to this alias. This is an online
account name for newsgroup participation only.<<

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
2002 Microsoft Corporation. All rights reserved.
| Content-Class: urn:content-classes:message
| From: "James McVicar" <>
| Sender: "James McVicar" <>
| Subject: How do I report a security flaw in SUS product
| Date: Tue, 12 Nov 2002 07:18:24 -0800
| Lines: 5
| Message-ID: <e76301c28a5e$be7eb8d0$2ae2c90a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcKKXr5+WSVmAK0UQrWTc3kU4yS0WQ==
| Newsgroups:
| Path: cpmsftngxa09
| Xref: cpmsftngxa09
| NNTP-Posting-Host: TKMSFTNGXA14
| X-Tomcat-NG:
| I have discovered a major security risk associated with
| the Software Update Services product that runs on IIS.
| How do I report that to MS?