Just before we start, let’s understand the basic difference between bug, issue, or vulnerability.
Report Bug, Issue or Vulnerability to Microsoft
Now that we are clear about the terminology, it is wise that these are reported directly to Microsoft. The primary reason that you should always report them to the company is that no one wants a flaw to get used incorrectly. Specially vulnerability.
Report Security Vulnerability
Since this is a high-level threat, Microsoft has put up a piece of advice to help you understand what Security Vulnerability means. Usually it’s difficult to find or spot such a problem unless you know a lot about software, and how it may work. Microsoft recommends that if you find one, it is requested to send the report to the Microsoft Security Response Center at [email protected]. The reporting also includes attaching some details which can help Microsoft understand the problem better. Here is the list:
Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)Product and version that contains the bug, or URL if for an online serviceService packs, security updates, or other updates for the product you have installedAny special configuration required to reproduce the issueStep-by-step instructions to reproduce the issue on a fresh installProof-of-concept or exploit codeImpact of the issue, including how an attacker could exploit the issue
You can also here at msrc.microsoft.com.
Microsoft Bug Bounty program
That said, if you are a tech person who does this often, you can always take part in the Bug Bounty program. You can find more details about the Microsoft Bug Bounty page here. To make sure the effort is worth it, you also get rewarded. Make sure to keep checking on the list of Active Bounty Programs. When reporting, you will have to use the Microsoft Security Response Center PGP Key. A response is sent back from the team. Once Microsoft receives the report, they will follow these processes for all vulnerability reports:
Triage your report and determine if they should open a case for a more in-depth investigation.Investigate and take action according to the published servicing criteria.Publicly acknowledge your contribution to protecting the ecosystem when they release a fix.
Report Bugs and Issues
Bugs and Issues are usually safe to post in public. This is where Microsoft asks us to post about it on the Microsoft Community page – http://support.microsoft.com/gp/contactbug/. Here you can explain your problem in complete detail, add a screenshot, and let community members help you. Whenever you post something, make sure to choose the correct category. Apart from MVPs, Microsoft has its own Engineers who keep a tab on the issues. If they find something which is reported by many people, the company may acknowledge, and check on it.
Feedback HUB
After Microsoft started the Windows Insiders Program, they rolled out an inbuilt reporting option. Named as Feedback HUB. It’s pre-installed on your computer. Launch it and you will see two major options. Report an issue, and Suggest a feature. You can use this to keep a tab on a popular issue, find issues that you have faced, and so on.
The Feedback HUB is so well done, that you do not need to go to any public forum to report issues and bugs. You can search for related issues in the hub, upvote it, and share your solution as well. Many a time a feature is requested so many times, that Microsoft has to think about it. They even make it into the next feature update or major upgrade. It also includes Announcements from Microsoft for new features and major rollouts. You can also use this tool to send out diagnostic data from your computer to Microsoft. This tool will capture your actions on your computer which simulates that problem and then send it to Microsoft. Read: How to send Feedback or Complain about Windows 11 to Microsoft.
Report Windows Activation errors
If your Windows 11/10 is genuine, but you still receive errors relating to a non-genuine software, you can follow up by using the steps below. Apart from these, if you have anything to report, issues around your products where you cannot log in issues with a security update. If you need more information take a look at this Microsoft page. Microsoft does hard work to bring the best experience to Windows, and we will strongly suggest you also report bugs, issues or vulnerabilities to Microsoft when you find them.