Located towards the bottom of the SDK github page is a header titled ‘Reporting Security Issues’. https://github.com/microsoft/mixed-reality-extension-sdk

Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.


What is MSRC?

MSRC is the Microsoft Security Response Center which is an internal department that investigates all reports of security vulnerabilities affecting Microsoft services and products. Since AltSpaceVR is owned by Microsoft this falls into this department when it comes to security concerns regarding AltSpace.

Before Reporting to MSRC

The MSRC isn’t an external department of AltSpaceVR or an external complaints team or ban appeal. They cannot help you with your world or account issues in the general scope of things. You will need to contact AltSpaceVR support and I would recommend for anything to do with security or account issues to report first to AltSpaceVR.

You can contact the staff at campfire if you have security concerns which if not addressed by the campfire staff, you can submit a support ticket.

If you feel that your security concern is not being addressed or you are not satisfied with the AltVR’s response you can take your concerns directly to this department as a last resort.

Kinds of issues worth reporting to MSRC

  • DDOS/cyber attacks on Microsoft infrastructure
  • Account exploit attempts and hacks
  • Server exploits
  • MRE exploits
  • Client exploits ie: If someone had the ability to spoof their avatar to appear as someone else or impersonate an admin.