Return-Path: <sentto-279987-3012-1003249782-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 16 Oct 2001 09:31:08 -0700 (PDT)
Received: (qmail 6178 invoked by uid 510); 16 Oct 2001 16:29:23 -0000
Received: from n2.groups.yahoo.com (216.115.96.52) by 204.181.12.215 with SMTP; 16 Oct 2001 16:29:23 -0000
X-eGroups-Return: sentto-279987-3012-1003249782-fc=all.net@returns.onelist.com
Received: from [10.1.4.56] by n2.groups.yahoo.com with NNFMP; 16 Oct 2001 16:29:42 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_0_1); 16 Oct 2001 16:29:41 -0000
Received: (qmail 30702 invoked from network); 16 Oct 2001 16:29:40 -0000
Received: from unknown (10.1.10.26) by l10.egroups.com with QMQP; 16 Oct 2001 16:29:40 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 16 Oct 2001 16:29:40 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id JAA20804 for iwar@onelist.com; Tue, 16 Oct 2001 09:29:40 -0700
Message-Id: <200110161629.JAA20804@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 16 Oct 2001 09:29:40 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Office.XP.Error.Reporting.May.Send.Sensitive.Documents.to.Microsoft.]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Title
=====
Office XP Error Reporting May Send Sensitive Documents to Microsoft.
Detail
======
October 15, 2001 20:00 GMT Number
M-005
____________________________________________________________________________
__
PROBLEM: Microsoft Office XP and Internet Explorer version 5 and later
are configured to automatically send debugging information to
Microsoft in the event of a program crash. The debugging
information includes a memory dump which may contain all or
part of the document being viewed or edited. This debug
message
potentially could contain sensitive, private information.
PLATFORM: Microsoft Office XP
Microsoft Internet Explorer 5.0 and later
Microsoft Windows XP
Microsoft has indicated that this will be a feature of all
new
Microsoft products.
DAMAGE: Sensitive or private information could inadvertently be sent
to
Microsoft. Some simple testing of the feature found document
information in one message out of three.
SOLUTION: Apply the registry changes listed in this bulletin to disable
the automatic sending of debugging information. If you are
working with sensitive information and a program asks to send
debugging information to Microsoft, you should click No.
____________________________________________________________________________
__
VULNERABILITY The risk is MEDIUM/LOW. Sensitive documents could be sent to
ASSESSMENT: Microsoft.
____________________________________________________________________________
__
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/m-005.shtml
PATCHES: Office XP:
<a href="http://www.ciac.org/ciac/bulletins/office/UnWatsonXP.reg">http://www.ciac.org/ciac/bulletins/office/UnWatsonXP.reg>
IE:
<a href="http://www.ciac.org/ciac/bulletins/office/UnWatsonIE6.reg">http://www.ciac.org/ciac/bulletins/office/UnWatsonIE6.reg>
____________________________________________________________________________
__
------------------
http://all.net/
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST