Error Reporting Security (Windows CE 5.0)
Windows CE Error Reporting dump files are not protected from untrusted applications even when using trusted environment functionality. Hence, Windows CE Error Reporting presents several potential security risks for the following reasons:
- Dump file contents can potentially contain user information that is private.
- Dump files can contain critical system information about the device, including identification information, memory contents, and security information.
Best Practices
The following are best practices for mitigating security risks for Windows CE Error Reporting.
- Obtain user consent for upload. Advise users of possible dump file content risks, and obtain user consent before uploading reports.
- Use authentication. Use authentication for access to the device if the device contains personal or sensitive information, including using a password to lock the device.
Default Registry Settings
Be aware of the registry settings that impact security. If a value has security implications, you will find a Security Note in the registry settings documentation.
Error reporting without a user interface can be enabled on headless devices. If your device cannot obtain user consent during initial product setup, do not upload error reports.
Send Feedback on this topic to the authors