Summary: We are excited to announce the release of the updated Researcher Portal submission form. These new fields allow Security Researchers to provide additional context for the reported security issue, providing product teams with more data for analysis, gain insights and identify trends across multiple reported security vulnerabilities. The additional fields are not mandatory fields to submit a report.
The new fields in the submission form will allow the Researcher to include: the ability to report multiple products, CVSS Score, CWE Number, whether the vulnerability is an active exploit, public issue, a missed fixed or missed variant, and a new text field for repro steps. Researchers can use this feature to submit more detailed vulnerability reports providing valuable information that can assist MSRC case managers and security engineers in the assessment of the reported security vulnerability.
Soft launching will occur between July and December 2023, Researchers are encouraged to opt-in to the new user interface by enabling the feature using the following steps.
- Sign into your Researcher Portal Account at MSRC Researcher Portal (microsoft.com)
- Click on the “Report Vulnerability” page (circle with plus sign icon)
- Click on the “gear icon” on the upper right corner and click on preview
- Toggle the slider (Structured Reports) to the right to enable and view the additional fields on the submission form
We highly value your input and would appreciate your feedback on the new fields and their functionality in the submission form. After December 2023, this updated submission form will be the default format for submitting a security vulnerability. Please submit a survey response after you submit your vulnerability report or email us at msrcengpm@microsoft.com if you have any questions.
If you have additional questions, please visit our Frequently Asked Questions (FAQ) page or blog post about What to Expect When Reporting Vulnerabilities to Microsoft.