Research carried out by Websense Security Labs shows that data sent from computers through Microsoft Error Reporting could be intercepted by hackers and used to formulate an attack. The problem stems from the fact that crash reports are transmitted in a very easily interpreted form, and they can contain quite detailed information about the systems from which they were sent — information that could be easily exploited by a hacker.
The research points out that while the sending of error reports to Microsoft in the event of a system or application crash usually requires user confirmation, there are instances when data is transmitted without any user interaction. For example, when a new USB device is connected, details of the device as well as information about the host computer such as the version of Windows that is in use, what Service Packs are installed, BIOS version number and much more.
This may seem like fairly innocuous data, but for a hacker targeting a large corporation, it is invaluable. It makes it possible to pinpoint weaknesses in a network, target known security holes and more. The frequency at which error reports may be generated means that it would be very easy for a potential hacker to build up a detailed picture of a company’s network.
As Websense points out, “crashes are especially useful for attackers since they may pinpoint a new exploitable code flaw for a zero-day attack.”
This is obviously going to be of concern to any business, but there are steps that can be taken to help minimize the risks:
“Websense recommends that organizations set group policies (when possible) to force encryption on all telemetry reports and periodically audit their own network and applications for inadvertent leaking of information with security implications.”
We reached out to Microsoft for a response but were given a generalized answer. “Microsoft does not provide any Government with direct or unfettered access to our customer’s data. We would have significant concerns if the allegations about Government actions are true. Regardless, we continue to review our encryption technologies and practices and have commented on the multiple investments we continue to make, on our Microsoft on the Issues blog,” a Microsoft spokesperson told WinBeta.
