Error Reports could lead to Attacks

Thursday, January 2, 2014 @ 12:01 PM gHale

Microsoft’s automated Windows error report transmits crash log data in the open, which means attackers could end up viewing the details and learn new ways to target victims, researchers said.

Microsoft Windows Error Reporting, which automatically sends information to the software giant detailing a system crash, does so without encrypting the information, said researchers at Websense Security Labs.

RELATED STORIES
Pulling RSA Keys by Listening
Air Gaps Not Even Secure
Resilience Metrics can Beat Threats
Management Seeing the Security Light

The sensitive information in these reports, which includes the make and model of the machine, BIOS version, ID, and applications, can help attackers profile victims’ computers and networks.

Windows Error Reporting is a default feature in the operating system and works in 80 percent of all networked PCs, or more than 1 billion machines around the world, Websense researchers said. And any crash data could expose a potential Zero Day.

“Applications that report this information without encrypting data risk leaking information at multiple points. This includes any upstream proxies, firewalls, and ISPs that are in between the corporate network and the destination as well as the application developer and their partner organizations,” Websense researchers said in a blog post.

Any services reporting application telemetry and information about network infrastructure and security should at the least have encryption with SSL (TLS 1.2), Websense said. In addition, the researchers said, companies can protect themselves from Microsoft Error Reporting leaks by forcing encryption via group policies and regularly auditing their networks.



Leave a Reply

You must be logged in to post a comment.