A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure
This is the Trace Id: 1020a641574ae59162d9d56ca04010c7
Skip to main content
MSRC
Report Security Vulnerability<br>Report Abuse<br>Report Infringement<br>Submission FAQs<br>Reporting Vulnerability
Security Update Guide<br>Exploitability index<br>Developer API documentation<br>Frequently Asked Questions<br>Technical Security Notifications<br>Glossary
Microsoft Bug Bounty Programs<br>Microsoft Active Protections Program<br>BlueHat Security Conference<br>Researcher Recognition Program<br>Windows Security Servicing Criteria<br>Researcher Resource Center
Microsoft Security Response Center<br>Security Research & Defense<br>BlueHat Conference Blog
Security Researcher Acknowledgments<br>Online Services Researcher Acknowledgments<br>AI Safety Acknowledgements<br>Security Researcher Leaderboard
A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure
MSRC
By MSRC
May 27, 2026
In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.
Every year, we work with hundreds of security researchers through Coordinated Vulnerability Disclosure (CVD) – the industry standard that asks researchers to share their findings with affected vendors to give them an opportunity to understand the impact and address it before the details are made public.
This partnership allows us to make updates to impacted services before proof-of-concept code can make it into the hands of bad actors. Through this valuable partnership we also ensure researchers are compensated for their responsible disclosures and publicly acknowledged for their expertise.
The vulnerabilities known as RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma were not responsibly disclosed. In response to the unnecessary risk created by these disclosures, our security teams have been working around the clock to understand the impact, protect our customers, and develop security updates.
We remain firmly opposed to these actions, and any disclosure outside proper coordination that could harm our customers and the digital ecosystem. Uncoordinated disclosures that put proof-of-concept code for unpatched vulnerabilities into the hands of bad actors are never justifiable and have real-world consequences. Our security teams across the company work tirelessly tracking threat actors who look for weaknesses just like these to attack Microsoft and our customers. Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity – coordinating as needed with law enforcement around the world.
We invite diverse perspectives that help the security community work together to protect everyone. We realize that we will not always agree on everything, but we are committed to transparency and continue to create opportunities for dialogue. These conversations happen at researcher appreciation events, security conferences, and the everyday work we do together to understand and address vulnerabilities.
Our team will continue to support responsible research as we do everything we can to quickly investigate, address, and release updates for vulnerabilities that impact our customers. We always have and will continue to welcome vulnerability submissions from anyone through our public researcher portal, regardless of past interactions or reputation.
MSRC Team
Categories
Tags
Surface Pro<br>Surface Laptop<br>Surface Laptop Studio 2<br>Copilot for organizations<br>Copilot for personal use<br>AI in Windows<br>Explore Microsoft products<br>Windows 11 apps
Account profile<br>Download Center<br>Microsoft Store support<br>Returns<br>Order tracking<br>Certified Refurbished<br>Microsoft Store Promise<br>Flexible Payments
Microsoft in education<br>Devices for education<br>Microsoft Teams for Education<br>Microsoft 365 Education<br>How to buy for your school<br>Educator training and development<br>Deals for students and parents<br>AI for education
Microsoft AI<br>Microsoft Security<br>Dynamics 365<br>Microsoft 365<br>Microsoft Power Platform<br>Microsoft Teams<br>Microsoft 365 Copilot<br>Small Business
Azure<br>Microsoft Developer<br>Microsoft Learn<br>Support for AI marketplace apps<br>Microsoft Tech Community<br>Microsoft Marketplace<br>Software companies<br>Visual Studio
Careers<br>About Microsoft<br>Company news<br>Privacy at Microsoft<br>Investors<br>Diversity and inclusion<br>Accessibility<br>Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon
Your Privacy Choices
Your Privacy Choices Opt-Out Icon
Your Privacy Choices
Consumer Health Privacy
Sitemap<br>Contact Microsoft<br>Privacy<br>Manage cookies<br>Terms of use<br>Trademarks<br>Safety & eco<br>Recycling<br>About our ads