The first stage of the WER protocol is not SSL encrypted in Windows

Symptoms

Microsoft uses Windows Error Reporting (WER) to transmit troubleshooting information and updates for specific problems in Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008. For example, WER sends reports about application or device driver failures.

WER is a multi-stage communication protocol. The first stage of WER that includes the basic report parameters is not encrypted. Any detailed information that is used to help determine the cause of a problem is sent in the second stage of reporting. This second stage is encrypted over a Secure Sockets Layer (SSL) connection.

More Information

  • The Windows error reporting service encrypts all customer Personally Identifiable Information (PII) via Secure Sockets Layer (SSL) connections.
  • Secure Sockets Layer connections are regularly established to communicate details contained in Windows error reports.
  • Customers who choose to use error reports send limited information about, for example, the process, application, or device driver that may have encountered a problem. Reports are then reviewed and used to improve customer experiences.
  • We continue to review our encryption technologies and practices.

Resolution

This update adds a precautionary level of encryption. The first stage of communication with the WER service is now encrypted by extending the SSL connection that is used in the second stage. With this change, basic report parameters are reported to Microsoft over a secure channel.

Update information

How to obtain the update

Windows Update

This update is available from Windows Update.

Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. For more information, go to the Microsoft Download Center, and then search for KB2929733.

The following files are available for download from the Microsoft Download Center.

Operating system                                                   Update
All supported x86-based versions of Windows 7                      Download the package now.
All supported x64-based versions of Windows 7                      Download the package now.
All supported x64-based versions of Windows Server 2008 R2         Download the package now.
All supported IA64-based versions of Windows Server 2008 R2        Download the package now.
All supported x86-based versions of Windows Vista                  Download the package now.
All supported x86-based versions of Windows Server 2008            Download the package now.
All supported x64-based versions of Windows Vista                  Download the package now.
All supported x64-based versions of Windows Server 2008            Download the package now.
All supported IA64-based versions of Windows Server 2008           Download the package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008.

Restart information

You must restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.
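
To confirm that the update is present after installation and restart, the following check can be run locally or against a list of hosts. It is an added example, not part of the original article or any Microsoft tooling; the function name Test-WerSslUpdate is hypothetical, and it assumes Windows PowerShell 2.0 or later with WMI access to the target hosts.

```powershell
# Added example: reports whether KB2929733 is listed as installed on each host.
# Test-WerSslUpdate is a hypothetical name. Assumes Windows PowerShell 2.0-5.1
# (Get-HotFix and Get-WmiObject) and WMI/RPC access to remote hosts.
function Test-WerSslUpdate {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        $result = New-Object PSObject -Property @{
            ComputerName = $computer
            OSVersion    = $null
            InScope      = $false
            KB2929733    = 'Unknown'
        }
        try {
            # -ErrorAction Stop so an unreachable host is reported as a failed
            # query instead of being mistaken for a host without the update.
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
            $result.OSVersion = $os.Version

            # 6.0 = Windows Vista / Server 2008, 6.1 = Windows 7 / Server 2008 R2,
            # the versions this article lists under Prerequisites.
            $result.InScope = $os.Version -match '^6\.[01]\.'

            if ($result.InScope) {
                # Get-HotFix writes a non-terminating error when the ID is absent;
                # that case is treated as "Missing".
                $fix = Get-HotFix -Id 'KB2929733' -ComputerName $computer -ErrorAction SilentlyContinue
                if ($fix) { $result.KB2929733 = 'Installed' } else { $result.KB2929733 = 'Missing' }
            } else {
                $result.KB2929733 = 'NotApplicable'
            }
        } catch {
            $result.KB2929733 = "QueryFailed: $($_.Exception.Message)"
        }
        $result
    }
}

# Local host by default; pass -ComputerName with a list of hosts to audit more.
Test-WerSslUpdate | Format-Table ComputerName, OSVersion, InScope, KB2929733 -AutoSize
```

A result of "Missing" means only that KB2929733 itself is not listed in the host's installed hotfixes.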

File information

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about the Windows error reporting feature, go to the following Microsoft Developer Network website:

Additional file information

Additional file information for Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
Properties

Article ID: 2929733 - Last Review: 11 Mar 2014 - Revision: 1
