Oct. 26, 2001

Warning: Microsoft's "error reporting" can send your data across the internet

As you know, Lawrence Livermore National Laboratory works hard to protect the data processed by employees on LLNL’s computers and networks. In this spirit, we need to alert employees to a new security issue found in the latest Microsoft products. Microsoft’s Office XP, Windows XP, and Internet Explorer version 5 or higher offer a feature called "Error Reporting." This feature introduces a security risk to employees who use these products.

Microsoft’s "error reporting" feature
The "Error Reporting" feature is activated when a user experiences a crash. Upon recovering from the crash, a window similar to the graphic at left appears.

If the user clicks on the "Send Error Report" button, an error report is automatically sent across the Internet to Microsoft. That report includes, among other information, the condition of the application when the problem occurred, the operating system version, your product license ID, the IP address of your computer, AND all or part of the data from files that were open at the time of the crash.

If you select "click here" to see what is in the data report, you will find the following: "We do not intentionally collect your files, name, address, email address, or any other form of personally identifiable information. However, the error report could contain customer-specific information such as data from open files. While this information could potentially be used to determine your identity, if present, it will not be used."

In spite of this assurance, LLNL users need to realize that the content of their files and other user information will be transmitted to Microsoft across the Internet – in some cases, the entire document will be sent.

Users should have the error reporting feature turned off
A user who receives the "error reporting" window should contact his/her system administrator to turn off this feature. Until the feature is turned off, employees are instructed to make sure they click the "Don’t Send" button when this window appears.

Steps LLNL is taking
In the short term, LLNL is pursuing several efforts to solve this problem:

• Educating users to press the "Don’t Send" button if they crash and receive the error reporting window,
• Investigating ways to block the outgoing information at the firewall,
• Updating computer images to have error reporting turned off in all Microsoft products delivered to LLNL desktops, and
• Providing necessary files and information to technical staff to turn off error reporting in software already deployed (http://snd.llnl.gov/helpdesk/watson.html).

In addition, the Systems and Network Department (SND) has temporarily moved the Office XP download to a "Tech Only" download site to ensure the software is properly configured when installed.

Looking ahead
This issue is not going away. As we worked with Microsoft to find ways to mitigate this problem, Microsoft told us that all future products and product upgrades will contain this new error reporting mechanism and that there are no plans to create a "government" version of their software that does not send this information back to Microsoft. The steps outlined above will not permanently prevent potentially sensitive information from being sent across the Internet to Microsoft. As long as it is possible for someone to install an off-the-shelf Microsoft product without turning off this feature, the threat persists. Even if LLNL were able to block the feature at the firewall, that solution would fail if Microsoft changed the address to which the data is sent or if an employee were working on a system located outside of the firewall.

We will keep employees informed about progress on this issue. Employees should work with their systems administrators to ensure this feature is turned off. Until then, employees should click the "Don’t Send" button. Additional information concerning this issue is available on the CIAC website http://www.ciac.org/ciac/ (bulletin M-005c).

Ted Michels is the principal deputy associate director for Computation and LLNL’s acting chief information officer (CIO).