Return-Path: <sentto-279987-3012-1003249782-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 16 Oct 2001 09:31:08 -0700 (PDT) Received: (qmail 6178 invoked by uid 510); 16 Oct 2001 16:29:23 -0000 Received: from n2.groups.yahoo.com (216.115.96.52) by 204.181.12.215 with SMTP; 16 Oct 2001 16:29:23 -0000 X-eGroups-Return: sentto-279987-3012-1003249782-fc=all.net@returns.onelist.com Received: from [10.1.4.56] by n2.groups.yahoo.com with NNFMP; 16 Oct 2001 16:29:42 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 16 Oct 2001 16:29:41 -0000 Received: (qmail 30702 invoked from network); 16 Oct 2001 16:29:40 -0000 Received: from unknown (10.1.10.26) by l10.egroups.com with QMQP; 16 Oct 2001 16:29:40 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 16 Oct 2001 16:29:40 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id JAA20804 for iwar@onelist.com; Tue, 16 Oct 2001 09:29:40 -0700 Message-Id: <200110161629.JAA20804@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 16 Oct 2001 09:29:40 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Office.XP.Error.Reporting.May.Send.Sensitive.Documents.to.Microsoft.] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Title ===== Office XP Error Reporting May Send Sensitive Documents to Microsoft. Detail ====== October 15, 2001 20:00 GMT Number M-005 ____________________________________________________________________________ __ PROBLEM: Microsoft Office XP and Internet Explorer version 5 and later are configured to automatically send debugging information to Microsoft in the event of a program crash. The debugging information includes a memory dump which may contain all or part of the document being viewed or edited. This debug message potentially could contain sensitive, private information. PLATFORM: Microsoft Office XP Microsoft Internet Explorer 5.0 and later Microsoft Windows XP Microsoft has indicated that this will be a feature of all new Microsoft products. DAMAGE: Sensitive or private information could inadvertently be sent to Microsoft. Some simple testing of the feature found document information in one message out of three. SOLUTION: Apply the registry changes listed in this bulletin to disable the automatic sending of debugging information. If you are working with sensitive information and a program asks to send debugging information to Microsoft, you should click No. ____________________________________________________________________________ __ VULNERABILITY The risk is MEDIUM/LOW. Sensitive documents could be sent to ASSESSMENT: Microsoft. ____________________________________________________________________________ __ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/m-005.shtml PATCHES: Office XP: <a href="http://www.ciac.org/ciac/bulletins/office/UnWatsonXP.reg">http://www.ciac.org/ciac/bulletins/office/UnWatsonXP.reg> IE: <a href="http://www.ciac.org/ciac/bulletins/office/UnWatsonIE6.reg">http://www.ciac.org/ciac/bulletins/office/UnWatsonIE6.reg> ____________________________________________________________________________ __ ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST