The Computer Incident Advisory Capability (CIAC), a US
Government department, has issued a warning that users of Microsoft
Windows XP, Office XP and Internet Explorer (versions 5.0 and
above) risk unknowingly sending Microsoft copies of their
confidential information.
CIAC, which forms part of the US Department of Energy, warns
that the products are configured to send debugging information to
Microsoft in the event of a program crash. According to CIAC:
“The debugging information includes a memory
dump which may contain all or part of the document being viewed or
edited. This debug message potentially could contain sensitive,
private information.”
A bulletin from CIAC details registry changes which will disable
the automatic sending of debugging information. When prompted by a
program with a request to send debug information back to Microsoft,
the user then simply clicks “Don’t Send.”