Internet Explorer Sends Potentially Sensitive Web Browser Contents to Microsoft via the Network When an Error Occurs
SecurityTracker Alert ID: 1002560
SecurityTracker URL: http://securitytracker.com/id/1002560
CVE Reference: GENERIC-MAP-NOMATCH
Date: Oct 16 2001
Impact: Disclosure of system information, Disclosure of user information
Version(s): IE 5 and higher
Description:
The U.S. Department of Energy Computer Incident Advisory Center (CIAC) warned of an "Error Reporting" feature in Microsoft Internet Explorer that causes potentially sensitive user information to be sent over the network to Microsoft when errors occur.
It is reported that, in the default configuration, the Error Reporting feature may send portions of the user's web browser contents to Microsoft along with debugging information. No further details were provided.
The CIAC advisory is available at:
http://www.ciac.org/ciac/bulletins/m-005.shtml
Impact:
Portions of the local user's web browser contents may be sent to Microsoft along with debugging information when an error occurs in the application.
Solution:
CIAC reports that the procedure for disabling Error Reporting in Internet Explorer varies depending on which version of IE is being used. Special instructions for IE 6 on Windows XP are provided at the bottom of this section.
For IE, CIAC recommends first trying to remove Internet Explorer Error Reporting using the Control Panel:
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. In the list of installed programs, click Internet Explorer Error Reporting, and then click Add/Remove (Windows 98, Me, NT 4) or Remove (Windows 2000).
4. Click OK.
If Internet Explorer Error Reporting is not present in Add/Remove Programs, use the Registry script available at http://www.ciac.org/ciac/bulletins/office/UnWatsonIE6.reg to disable it.
CIAC notes that only administrators have access to the Registry.
For Internet Explorer 6 on Windows XP, the following steps can be used to disable Error Reporting:
1. Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
2. Double-click System (or click "Switch to Classic View", and then double-click System).
3. Click the Advanced tab, and then click Error Reporting.
4. Click "Disable error reporting" to disable both user and kernel-mode error reporting, or click to clear the Programs check box.
5. Click OK, then click OK again.
Administrators can disable error reporting in Windows XP Professional by setting Report Errors to Disabled in Group Policy Editor (Gpedit.msc) in the Computer Configuration\Administrative Templates\System\Error Reporting folder.
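To confirm that the Windows XP setting above took effect on a host, the registry can be audited. This is an added example, not code from SecurityTracker, CIAC or Microsoft. It assumes the setting is stored as the DoReport DWORD (0 = disabled) under the PCHealth\ErrorReporting keys shown, and that a Group Policy value overrides the local one. The function names are hypothetical.

```powershell
# Added example: audit whether Windows XP error reporting is disabled.
# Assumption: DoReport (DWORD, 0 = disabled) under the keys below holds the
# local setting and the Group Policy copy of "Report Errors".
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting'
$LocalKey  = 'HKLM:\SOFTWARE\Microsoft\PCHealth\ErrorReporting'

function Get-DoReport {
    param([string]$Key)
    # Returns the DoReport value, or $null when the key or value is absent.
    if (-not (Test-Path $Key)) { return $null }
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($props) {
        $p = $props.PSObject.Properties['DoReport']
        if ($p) { return [int]$p.Value }
    }
    return $null
}

function Get-ErrorReportingState {
    $policy = Get-DoReport $PolicyKey
    $local  = Get-DoReport $LocalKey
    # Assumption: a policy value, when present, wins over the local setting.
    if ($null -ne $policy)    { $source = 'GroupPolicy';  $value = $policy }
    elseif ($null -ne $local) { $source = 'LocalSetting'; $value = $local }
    else                      { $source = 'Default';      $value = 1 }  # enabled by default per the advisory
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Source   = $source
        DoReport = $value
        Disabled = ($value -eq 0)
    }
}

$state = Get-ErrorReportingState
$state | Format-List Computer, Source, DoReport, Disabled
if (-not $state.Disabled) {
    Write-Warning 'Error reporting is enabled; crash data may leave this host.'
}
```

The check covers only the system-wide Windows XP setting; the separate Internet Explorer Error Reporting component on Windows 98, Me, NT 4 and 2000 is removed through Add/Remove Programs as described earlier.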
Vendor URL: www.microsoft.com/technet/security
Cause: Exception handling error
Underlying OS: Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (XP)
Message History: None.

Source Message Contents

Date: Mon, 15 Oct 2001 14:11:52 -0700 (PDT)
Subject: BULLETIN M-005 Office XP Error Reporting May Send Sensitive Documents to Microsoft

[For Public Release]
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Center
__________________________________________________________
INFORMATION BULLETIN
Office XP Error Reporting May Send Sensitive Documents to Microsoft
October 15, 2001 20:00 GMT Number M-005
______________________________________________________________________________
PROBLEM:   Microsoft Office XP and Internet Explorer version 5 and later
           are configured to automatically send debugging information to
           Microsoft in the event of a program crash. The debugging
           information includes a memory dump which may contain all or
           part of the document being viewed or edited. This debug message
           potentially could contain sensitive, private information.
PLATFORM:  Microsoft Office XP
           Microsoft Internet Explorer 5.0 and later
           Microsoft Windows XP
           Microsoft has indicated that this will be a feature of all new
           Microsoft products.
DAMAGE:    Sensitive or private information could inadvertently be sent to
           Microsoft. Some simple testing of the feature found document
           information in one message out of three.
SOLUTION:  Apply the registry changes listed in this bulletin to disable
           the automatic sending of debugging information. If you are
           working with sensitive information and a program asks to send
           debugging information to Microsoft, you should click No.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is MEDIUM/LOW. Sensitive documents could
           be sent to Microsoft.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/m-005.shtml
PATCHES:       Office XP: http://www.ciac.org/ciac/bulletins/office/UnWatsonXP.reg
               IE: http://www.ciac.org/ciac/bulletins/office/UnWatsonIE6.reg
______________________________________________________________________________