MS Office 2003 Customer Experience Feedback Program

From: Jeff Click (jclick_at_LANL.GOV)
Date: 10/21/03

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-041 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)" 
    Date:         Mon, 20 Oct 2003 17:06:43 -0600
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Russ,
    Not sure if this is really appropriate for NTBUGTRAQ, since it applies to
    Office 2003, but thought I would try anyway. We have been testing out
    Office 2003 sub-components prior to making them available to our
    users. One of the new "features" integrated into all sub-components is the
    Customer Experience Feedback Program which when enabled will, "collect
    anonymous information about your hardware configuration and how you use
    [Microsoft's] software and services" and then send it off to
    Microsoft. They are not very specific about the details. See
      http://www.microsoft.com/products/ceip/english/default.htm

    It is not enabled by default and does not appear to send any information
    until it is enabled. However, it still makes me nervous, since it is not
    appropriate for our environment and many users may enable it. Does anyone
    out there have better details on this buggar? Also, does anyone know how
    it can be turned off via GPO or SMS, etc. (i.e. any idea where the registry
    keys are for this setting)?

    Any help would be most appreciated.

    ~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~
    Jeff Click
    ESD and ESM Quality Assurance
    ESD (Electronic Software Distribution) Team
    Computing, Communications and Networking - 2
    Los Alamos National Laboratory

    <jclick@lanl.gov>
    (505) 667-4544

    MS D433
    TA-3, SM 463, Rm. 124
    Los Alamos, NM 87545
    ~`~`~`~`~`~`~`~`~`~`~`~`~`~`~`~

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-041 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)"