Windows crashes helping hackers identify vulnerabilities
Websense has found that Windows standard error reports are leaking information which could be used by a hacker to craft specific attacks and compromise networks.
According to the outfit, Windows Error Reporting (WER), known as Dr. Watson, sends out crash logs that eavesdroppers can track to map out vulnerable endpoints and gain a foothold within the network for more advanced penetration.
WER is used by 80 percent of all network-connected PCs, and Dr. Watson reports information, such as OS, service pack and update versions, that hackers use to find and exploit weak systems.
Crashes are especially useful for attackers since they may pinpoint a new exploitable code flaw for a zero-day attack.
Alexander Watson (no relation), director of security research at Websense, says the company has come up with an attack method which can snoop on Windows leaks and use them for an attack. He will be presenting his research at the 2014 RSA Conference in San Francisco next month.
Microsoft says that administrators can implement fine-grained control over automated error reporting by pushing group policies to computers on the network.
But Websense has discovered that, by default, many organizations are reporting specific information about applications, services, and hardware in clear text through Microsoft Error Reporting.
These application reports are not limited to crashes. They also cover events such as failed application updates, USB device insertions, and in some cases even TCP timeouts between computers on the network, and a large percentage of them is sent in clear text over HTTP.