All vulnerability reports to MSI are bouncing due to a full mailbox

Today I tried to report a critical vulnerability I found in some MSI related software, which hopefully you all will be reading soon enough.

However, in the process of reporting their vulnerability I have run into an issue I think all security researchers should be aware of.

All vulnerability reports to psirt@msi.com are currently being blackholed, due to the destination inbox being full.

The exact error being:

Remote Server returned '554 5.2.2 mailbox full; STOREDRV.Deliver.Exception: QuotaExceededException.MapiExceptionShutoffQuotaExceeded;

I only realised my email had been blackholed, because their automated systems immediately replied with a blank response but containing two .eml attachments.

Usually when I get an immediate response back containing a .eml attachment it means the email has bounced. Further inspection of the .eml files confirmed this to be the case, and that the bounce was due to a full mailbox.

The majority of researchers will likely not have realised this, meaning that weeks or months worth of reported vulnerabilities are remaining unpatched and exploitable because of MSI’s blunder.