Microsoft: Protecting customers through Coordinated Vulnerability Disclosure
Microsoft has expressed concern over recent uncoordinated disclosures of zero-day vulnerabilities that jeopardize customer security. The company emphasizes the importance of Coordinated Vulnerability Disclosure (CVD) to allow for timely updates before vulnerabilities are made public. Microsoft remains committed to working with security researchers and addressing vulnerabilities responsibly to protect its customers.
- ▪Several zero-day vulnerabilities were disclosed without prior notice to Microsoft.
- ▪Microsoft collaborates with security researchers through Coordinated Vulnerability Disclosure to mitigate risks.
- ▪The company opposes uncoordinated disclosures that can harm customers and the digital ecosystem.
Opening excerpt (first ~120 words) tap to expand
.heading-bg-color-layout-container-uidd66a{ background-color: !important; } .row-bg-color-layout-container-uid35b3{ background-color: !important; } A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure MSRC / By MSRC / May 27, 2026 In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk. Every year, we work with hundreds of security researchers through Coordinated Vulnerability Disclosure (CVD) – the industry standard that asks researchers to share their findings with affected vendors to give them an opportunity to understand the impact and address it before the details are made public.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Microsoft.