View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 3, 2014

Websense reveals Windows Error Reporting vulnerable to hackers

Windows' Dr Watson programme inadvertently leaks business data in crash logs.

By Claire Vanner

Websense has revealed that Microsoft could be inadvertently leaking businesses vulnerability data to cybercriminals through Windows Error Reporting (WER).

Websense recently processed a sample data set from the Websense ThreatSeeker Intelligence Network revealing to investigate the security risk from popular applications and services.

WER, also known as Dr. Watson, predominantly sends out crash logs in the clear. According to Websense Security Labs, these error logs could be used by a threat actor as intelligence to craft specific attacks and compromise networks.

Crashes are especially useful for attackers since they may pinpoint a new exploitable code flaw for a zero-day attack.

"While reporting these crashes is beneficial for organisations in order to understand applications and crashes within their own network, we have found that WER is sending crash logs in the clear, causing attackers to identify vulnerable endpoints to infiltrate more advanced penetration within the system’s networks," said Carl Leonard, Senior Security Research Manager EMEA, Websense.

He added: "What is surprising though, is that without the organisation’s knowledge, information is automatically sent to WER every time a Window’s user connects a new USB device to a computer; information that would be of value to an attacker, causing organisations to be more prone to increased data leaks."

WER reports information that hackers commonly use to find and exploit weak systems, such as OS, service pack and update versions. It is utilised on 80% of network-connected PCs, equating to more than one billion endpoints worldwide.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Websense recommends services that report application telemetry and contain information about the security environment and underlying network infrastructure should be encrypted with SSL at a minimum, ideally using TLS 1.2

Leonard advised: "To protect organisations from these attacks we strongly recommend that companies create group policies to force encryption on all telemetry reports and monitor their network for inadvertent leaking of information."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.