Warning: Microsoft's "error reporting" can send your data across the internet
As you know, Lawrence Livermore National Laboratory works hard to protect
the data processed by employees on LLNL’s computers and networks.
In this spirit, we need to alert employees to a new security issue found
in the latest Microsoft products. Microsoft’s Office XP, Windows
XP, and Internet Explorer version 5 or higher offer a feature called "Error
Reporting." This feature introduces a security risk to employees
who use these products.
Microsoft’s "error reporting" feature
The "Error Reporting" feature is activated when a user experiences
a crash. Upon recovering from the crash, a window appears similar to
the graphic at left.
If the user clicks on the "Send Error Report" button, an error
report is automatically sent across the Internet to Microsoft. That report
includes, among other information, the condition of the application when
the problem occurred, the operating system version, your product license
ID, the IP address of your computer, AND all or part of the data from
files that were open at the time of the crash.
If you select "click here" to see what is in the data report,
you will find the following: "We do not intentionally collect your
files, name, address, email address, or any other form of personally identifiable
information. However, the error report could contain customer-specific
information such as data from open files. While this information could
potentially be used to determine your identity, if present, it will not
be used."
In spite of this assurance, LLNL users need to realize that the content
of their files and other user information will be transmitted to Microsoft
across the Internet – in some cases, the entire document will be
sent.
Users should have the error reporting feature turned off
A user who receives the "error reporting" window should contact
his/her system administrator to turn off this feature. Until the feature
is turned off, employees are instructed to make sure they click the "Don’t
Send" button when this window appears.
Steps LLNL is taking
In the short term, LLNL is pursuing several efforts to solve this problem:
• Educating users to press the "Don’t Send" button
if they crash and receive the error reporting window,
• Investigating ways to block the outgoing information at the firewall,
• Updating computer images to have error reporting turned off in
all Microsoft products delivered to LLNL desktops, and
• Providing necessary files and information to technical staff to
turn off error reporting in software already deployed
(http://snd.llnl.gov/helpdesk/watson.html).
In addition, the Systems and Network Department (SND) has temporarily
moved the Office XP download to a "Tech Only" download site
to ensure the software is properly configured when installed.
Looking ahead
This issue is not going away. While we were working with Microsoft to find ways to
mitigate this problem, the company told us that all future products and
product upgrades will contain this new error reporting mechanism and that
there are no plans to create a "government" version of their
software that does not send this information back to Microsoft. The steps
outlined above will not permanently prevent potentially sensitive information
from being sent across the Internet to Microsoft. As long as it is possible
for someone to install an off-the-shelf Microsoft product without turning
off this feature, the threat persists. Even if LLNL were able to block
the feature at the firewall, that solution would fail if Microsoft changes
the address to which the data is sent or if an employee is working on
a system located outside of the firewall.
We will keep employees informed about progress on this issue. Employees
should work with their systems administrators to ensure this feature is
turned off. Until then, employees should click the "Don’t Send"
button. Additional information concerning this issue is available on the
CIAC website, http://www.ciac.org/ciac/ (bulletin M-005c).
Ted Michels is the principal deputy associate director for Computation
and LLNL’s acting chief information officer (CIO).