Wednesday, June 5, 2019

Windows 10 Shares Data with Microsoft Insecurely

Apart from the fact that Windows 10 (Win10) is sending search data, even though I had disabled Cortana, it's also sending the data to Microsoft using certificates whose authenticity isn't proven.


First, Kaspersky intercepted this traffic going to: dubaivm1.uaenorth.cloudapp.azure.com
It's obviously owned by Microsoft. Details about its usage are in the Detailed Report below.

There's an additional connection that goes to: exo-ring.msedge.net
This is also related to Cortana search (which is disabled).




These are details of the certificate. It's signed by DigiCert to Microsoft CA, then to: azwanp.trafficmanager.net


As an extra precaution, I have Kaspersky set to use Mozilla's certificate store rather than Microsoft's. At least I can trust that Mozilla won't inject stuff behind my back.
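
One thing a TLS client or an intercepting product checks before vouching for a certificate is whether any DNS name in it covers the host being contacted. The sketch below is an added example, not part of the original post: the SAN lists are constructed from the host names mentioned above and are not read from the real certificate, and the function names are hypothetical.

```python
# Added example: RFC 6125-style check of a requested host against the
# DNS names in a certificate. All SAN lists here are constructed.

def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, host):
    """Return True if one certificate DNS name (pattern) covers host."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one leftmost label, and only when
        # at least two labels follow it (so "*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p == h

def verdict(san_dns_names, host):
    """Return ("match", covering names) or ("name mismatch", [])."""
    hits = [n for n in san_dns_names if name_matches(n, host)]
    return ("match", hits) if hits else ("name mismatch", [])

if __name__ == "__main__":
    host = "dubaivm1.uaenorth.cloudapp.azure.com"
    constructed_san_lists = [
        ["azwanp.trafficmanager.net"],      # only the name quoted above
        ["*.cloudapp.azure.com"],           # wildcard one label too short
        ["*.uaenorth.cloudapp.azure.com"],  # wildcard at the right depth
    ]
    for sans in constructed_san_lists:
        print(host, sans, verdict(sans, host))
```

A chain that validates up to a trusted root only proves who the certificate was issued to; the name check is what ties it to the host actually being contacted.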