即使经过专业人士的严格测试,任何软件都可能出现问题。Windows和Microsoft(Windows)开发的任何其他产品也是如此(Microsoft)。好消息是,如果有人想分享他们对软件的反馈,微软是开放的。(Microsoft)在这篇文章中,我们将分享如何向Microsoft报告错误、问题或漏洞。
在我们开始之前,让我们了解错误、问题或漏洞之间的基本区别。
- 错误(bug)是出现故障时。有时这不应该发生,但在某些情况下会发生。您也可以将其称为 软件中的缺陷,( flaw in the software)这是由于编码问题。
- 一个问题(issue)是开发人员始终没有过错。有时最终屏幕( the requirement of the final screen)或产品的要求没有正确通过。
- 漏洞( vulnerability)意味着有人可以在未经许可的情况下访问您的计算机或服务器。( gain access to your computer)这是一个高层问题,任何公司都会认真对待,并尽早解决。
(Report Bug)向Microsoft报告错误、问题(Issue)或漏洞(Vulnerability)
既然我们已经清楚了术语,明智的做法是直接向Microsoft(Microsoft)报告这些术语。您应该始终向公司报告它们的主要原因是没有人希望错误地使用缺陷。特别(Specially)脆弱。
报告安全漏洞
由于这是一个高级威胁,Microsoft提出了一条建议来帮助您了解安全漏洞的含义。通常很难找到或发现这样的问题,除非您对软件及其工作原理非常了解。Microsoft建议,如果您找到一个,请通过[email protected]将报告发送到Microsoft 安全响应中心(Microsoft Security Response Center)。
该报告还包括附加一些细节,这些细节可以帮助微软(Microsoft)更好地理解问题。这是列表:
- 问题类型(缓冲区溢出、SQL注入、跨站点脚本等)
- 包含错误的产品和版本,或URL(如果用于在线服务)
- 已安装产品的Service(Service) Pack、安全更新或其他更新
- 重现问题所需的任何特殊配置
- 在全新安装中重现问题的分步说明
- 概念验证或漏洞利用代码
- 问题的影响,包括攻击者如何利用该问题
您也可以访问msrc.microsoft.com。
微软漏洞赏金计划
也就是说,如果您是经常这样做的技术人员,您可以随时参加Bug Bounty计划。您可以在此处(here)找到有关 Microsoft Bug Bounty页面的更多详细信息。为了确保付出的努力是值得的,你也会得到回报。确保继续检查活跃的赏金计划(Active Bounty Programs)列表。
报告时,您必须使用 Microsoft 安全响应中心 PGP 密钥。(Microsoft Security Response Center PGP Key.)团队会发回响应。Microsoft收到报告后,他们将按照以下流程处理所有漏洞报告:
- 对您的报告进行分类,并确定他们是否应该立案进行更深入的调查。
- (Investigate)根据公布的服务标准进行调查并采取行动。
- 当他们发布修复程序时,公开(Publicly)承认您对保护生态系统的贡献。
报告错误和问题
错误和问题通常可以安全地公开发布。这是Microsoft要求我们在(Microsoft)Microsoft 社区(Microsoft Community)页面上发布有关它的地方 - http://support.microsoft.com/gp/contactbug/
。在这里,您可以完整详细地解释您的问题,添加屏幕截图,并让社区成员帮助您。每当您发布内容时,请确保选择正确的类别。
除了MVP之外,Microsoft还拥有自己的工程师来密切关注这些问题。如果他们发现了很多人报告的东西,公司可能会承认并检查它。
反馈中心
在微软启动Windows Insiders Program之后,他们推出了一个内置的报告选项。命名为反馈中心。它已预先安装在您的计算机上。
启动它,您将看到两个主要选项。报告(Report)问题,并建议(Suggest)功能。您可以使用它来关注热门问题,查找您遇到的问题等等。
反馈(Feedback HUB)中心做得很好,你不需要去任何公共论坛报告问题和错误。您可以在中心搜索相关问题,对其进行投票,并分享您的解决方案。很多时候,一个功能被多次请求,以至于微软(Microsoft)不得不考虑它。他们甚至将其纳入下一次功能更新或重大升级。
它还包括来自 Microsoft(Announcements from Microsoft)的关于新功能和主要推出的公告。您还可以使用此工具将诊断数据从您的计算机发送到Microsoft。此工具将捕获您在计算机上模拟该问题的操作,然后将其发送给Microsoft。
阅读(Read):如何向 Microsoft发送有关 Windows 11 的反馈或投诉。
报告 Windows 激活错误
如果您的 Windows 11/10 是正版,但您仍然收到与非正版软件相关的错误,您可以使用以下步骤进行跟进。
- 打开管理员命令提示符(Administrator command prompt),然后粘贴下面的代码并按Enter
Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
- 复制结果并上传到 One Drive,然后找到Windows在桌面上创建的txt文件,然后将两者上传到 One Drive
- 转到Microsoft 产品激活呼叫中心(Microsoft Product Activation Call Center)并提交您的报告。
除此之外,如果您有任何要报告的问题,您无法通过安全更新登录的产品问题。如果您需要更多信息,请查看此 Microsoft 页面。(look at this Microsoft page.)
Microsoft 努力为 Windows 带来最佳体验,我们强烈建议您在发现错误、问题或漏洞时也向 Microsoft 报告。(Microsoft does hard work to bring the best experience to Windows, and we will strongly suggest you also report bugs, issues or vulnerabilities to Microsoft when you find them.)
How to report Bug, Issue or Vulnerability to Microsoft
Any software can have issues even though they рass through rigorous testing by professionаls. The same happens with Windows and any other products devеloped by Microsoft. The good thing is that Microsoft is open if sоmebody wants to share their feedbаck for their software. In this post, we will share how you can report a bug, issue or vulnеrabilіty tо Micrоsoft.
Just before we start, let’s understand the basic difference between bug, issue, or vulnerability.
- A bug is when there is a glitch. Sometimes that should not have happened, but happens under some circumstances. You can also call it a flaw in the software which is because of a coding problem.
- An issue is where there is no fault of the developer all the time. Sometimes the requirement of the final screen or product did not pass through correctly.
- A vulnerability means that someone can gain access to your computer or server without permission. This is a high-level issue, and any company will take this seriously, and resolve this at the earliest.
Report Bug, Issue or Vulnerability to Microsoft
Now that we are clear about the terminology, it is wise that these are reported directly to Microsoft. The primary reason that you should always report them to the company is that no one wants a flaw to get used incorrectly. Specially vulnerability.
Report Security Vulnerability
Since this is a high-level threat, Microsoft has put up a piece of advice to help you understand what Security Vulnerability means. Usually it’s difficult to find or spot such a problem unless you know a lot about software, and how it may work. Microsoft recommends that if you find one, it is requested to send the report to the Microsoft Security Response Center at [email protected].
The reporting also includes attaching some details which can help Microsoft understand the problem better. Here is the list:
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the bug, or URL if for an online service
- Service packs, security updates, or other updates for the product you have installed
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue on a fresh install
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
You can also here at msrc.microsoft.com.
Microsoft Bug Bounty program
That said, if you are a tech person who does this often, you can always take part in the Bug Bounty program. You can find more details about the Microsoft Bug Bounty page here. To make sure the effort is worth it, you also get rewarded. Make sure to keep checking on the list of Active Bounty Programs.
When reporting, you will have to use the Microsoft Security Response Center PGP Key. A response is sent back from the team. Once Microsoft receives the report, they will follow these processes for all vulnerability reports:
- Triage your report and determine if they should open a case for a more in-depth investigation.
- Investigate and take action according to the published servicing criteria.
- Publicly acknowledge your contribution to protecting the ecosystem when they release a fix.
Report Bugs and Issues
Bugs and Issues are usually safe to post in public. This is where Microsoft asks us to post about it on the Microsoft Community page – http://support.microsoft.com/gp/contactbug/
. Here you can explain your problem in complete detail, add a screenshot, and let community members help you. Whenever you post something, make sure to choose the correct category.
Apart from MVPs, Microsoft has its own Engineers who keep a tab on the issues. If they find something which is reported by many people, the company may acknowledge, and check on it.
Feedback HUB
After Microsoft started the Windows Insiders Program, they rolled out an inbuilt reporting option. Named as Feedback HUB. It’s pre-installed on your computer.
Launch it and you will see two major options. Report an issue, and Suggest a feature. You can use this to keep a tab on a popular issue, find issues that you have faced, and so on.
The Feedback HUB is so well done, that you do not need to go to any public forum to report issues and bugs. You can search for related issues in the hub, upvote it, and share your solution as well. Many a time a feature is requested so many times, that Microsoft has to think about it. They even make it into the next feature update or major upgrade.
It also includes Announcements from Microsoft for new features and major rollouts. You can also use this tool to send out diagnostic data from your computer to Microsoft. This tool will capture your actions on your computer which simulates that problem and then send it to Microsoft.
Read: How to send Feedback or Complain about Windows 11 to Microsoft.
Report Windows Activation errors
If your Windows 11/10 is genuine, but you still receive errors relating to a non-genuine software, you can follow up by using the steps below.
- Open Administrator command prompt then paste the code below and hit Enter
Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
- Copy the result and upload to One Drive, then locate the txt file Windows created on your desktop then upload both to One Drive
- Go to the Microsoft Product Activation Call Center and lay your report.
Apart from these, if you have anything to report, issues around your products where you cannot log in issues with a security update. If you need more information take a look at this Microsoft page.
Microsoft does hard work to bring the best experience to Windows, and we will strongly suggest you also report bugs, issues or vulnerabilities to Microsoft when you find them.