The new policy requires developers to update apps within 180 days when security vulnerabilities are found but are not being actively exploited. If the developer doesn't fix the app, Microsoft will remove it from the Store. If necessary, Microsoft can remove the app immediately. You can report vulnerabilities in Store apps to [email protected].
Read more here: