Due to the error reporting function of Windows, it turns out that there is a danger that various data such as individual identification code of PC leaks

ByColin Charles

Windows has a crash reporting function that sends error contents when an application crashes, but this function is used to perform general system events such as connecting a terminal such as iPhone with the USB terminal It was discovered that information such as identification code of the PC terminal was automatically transmitted when it was done.

Are Your Windows Error Reports Leaking Data? - Security Labs
http://community.websense.com/blogs/securitylabs/archive/2013/12/29/dr-watson.aspx

The error reporting function (WER) of Windows is a technology introduced from Windows XP, error information transmitted by the user is accumulated by Microsoft, and if there is a message associated with the error category, the userHow you can receive messages as a response to an error reportHas been adopted. WER is a useful tool for IT security administrators because this message information includes network infrastructure, services, applications and their version information. According to Microsoft data, about 80% of all Windows PCs are participating in the WER program, and Windows PCs participating in 2009 are estimated to exceed 1 billion units.

This is an example of the data sent to watson.microsoft.com through WER. In addition to the error in Firefox, Acer's "Aspire 1930"PC model number and terminal identification information are transmitted.


In WER, you can basically decide whether or not the user will send the report arbitrarily. But Microsoft'sPrivacy Statement, It is clearly indicated that information may be sent without notifying the user.


Information security companyWebsenseAccording to WER, besides the crash report, "Were an external device connected to the USB terminal of the PC" "Failed to update the application" "TCPIt has been clarified that information is being transmitted even when a general system event such as "timeout from" has occurred. When iPhone is connected to USB terminal of Windows machine, date, terminal name connected to USB, terminal manufacturer, terminal revision, Windows PC OS and service pack, PC manufacturer / model name, PC Information such as BIOS version and machine identification code has been sent to watson.microsoft.com.

This is information sent when iPhone 5 is connected to PC. Sony's "VPCEC 3 DFX"In addition to being a PC with a model number, you can see that OS version / service pack information and PC terminal identification information are included.


Websense is concerned with the fact that these information are transmitted without being encrypted from a Windows PC that is also frequently used by companies. In the unlikely event that these transmission information is acquired by a malicious person, there is a danger that information leaks or hacking using security vulnerability is done.

Websense,TLSFor PCs using Windows XP, Vista, 7 excluding Windows 8 / 8.1 encrypted in Ideally it is desirable to encrypt with TLS 1.2 when sending information as a report However, even if it is impossible, we recommend that you use the report function after encrypting with SSL at least.