[exDM69]

I wonder how easy it is to actually contact Microsoft on matters like this? It would probably take hours upon hours of searching convoluted corporate websites just to get an e-mail address or phone number to contact. Just slamming it on the web and posting on hacker news will take less time and is sure to reach Microsoft's attention quickly :) Sure, it's not responsible but not everyone is.

[WalterGR]

I wonder how easy it is to actually contact Microsoft on matters like this? It would probably take hours upon hours of searching convoluted corporate websites just to get an e-mail address or phone number to contact.

You could go to microsoft.com and type "report a security vulnerability" into the search box. Then click the first result.

[exDM69]

Well that was easy. It even worked on the internationalized version in my native language, which is not common with corporate websites. But that's just the first step, anyway.

[santaragolabs]

Pretty easy; you just email secure@microsoft.com (there are PGP or S/MIME keys available too) and you generally receive a response in a maximum of 48 hours. In most cases you get a reply within a few hours stating that you've passed their spamfilters, that they've done an initial overview of your report and that they will start looking into it.

If you google for "microsoft report security vulnerability" the first page you get is this: http://technet.microsoft.com/en-us/security/ff852094.aspx. Doesn't get much clearer than that in my opinion.