[future_grad]

I am curious to how many trash reports they have to sort through to identify real bug reports. Anyone care to comment?

[taspeotis]

Microsoft sifts through bogus security reports all the time. Raymond Chen posts the best-of-the-worst periodically.

Here are I couple I found:

http://blogs.msdn.com/b/oldnewthing/archive/2011/12/15/10247... http://blogs.msdn.com/b/oldnewthing/archive/2008/03/14/80801...

[mattmanser]

Yeah, but look at what he says in the first link:

Before contacting the submitter, we want to be sure that we weren't missing something, but after looking at it from every angle, we still couldn't see what the issue was.

...Stumped, we contacted the submitter. "From what we can tell, the call to system takes place before you call the Load­Keyboard­Layout function. Can you elaborate on how this constitutes a vulnerability in the Load­Keyboard­Layout function?"