Microsoft warns of web proxy flaw

Microsoft has reported a flaw in the way Windows and Internet Explorer handle web proxy auto discover (WPAD) connections. WPAD servers are used to deliver connecting computers with web proxy information. Microsoft said that the problem occurs when the WPAD servers for third-level domains (such as .co.uk) and deeper cannot be found. The user is then redirected to a WPAD server for a higher domain.

This can eventually lead the user to access a WPAD server outside the intended domain, possibly to one that has been compromised by a hacker. All current versions of Windows and Internet Explorer are affected by the flaw, which was discovered by researcher Beau Butler. Microsoft has not received any reports of attacks targeting the vulnerability in the wild.

View: The full story @ vnunet

Report a problem with article
Previous Story

Oz video rental giants go Blu-ray only

Next Story

Coloured Labels Now Available on Gmail

4 Comments

Commenting is disabled on this article.

What's this? Microsoft issued the warning themselves? Don't they normally wait for hundreds of users' systems to be compromised first, and then let someone else warn the community at large?

The cat was let out of the bag a few days ago. http://www.crn.com/security/204300485

But good to see that Microsoft has confirmed this, and is (presumably) working on a patch.

Microsoft said that it is investigating the issue, but did not say when a patch would be released. The company's next scheduled security update is on 11 December.