Windows Vulnerability Could Compromise Millions Of PCs

A serious security flaw affecting every version of Microsoft (NSDQ:MSFT) Windows operating systems, including Vista, could enable cyber criminals to take control of an untold number of machines around the globe and manipulate personal information. The bug, which was first reported by the Sydney Morning Herald, was demonstrated last week at the Kiwicon hacker conference in New Zealand by researcher Beau Butler.

The vulnerability could ultimately compromise millions of home or office machines, particularly those located outside the U.S., subjecting them to attack by cyber criminals who could then acquire passwords, monitor Internet use, or steal personal, financial or identifying information. "The real risk here is, someone else may automatically configure your proxy for you and redirect traffic through their malicious server," said Oliver Friedrichs, Symantec security response director. "A lot of that traffic is encrypted, but the attacker could intercept it and cause it to be unencrypted."

View: The full story @ CRN


Again, it's one of these "if you do A, B, C, and D and someone who wants to hack you does E, F, G, and H all while the Moon is at first quarter, then you can hack into their machine".

Who gives a ****. It's a 1 in a billion chance.

This is kind of not news. We were already alerted to it about a year ago. If you are running your own local domain, there are some DNS entries you make to prevent WPAD capture. Probably the reason everyone is getting uptight about it now is that they're starting to realize that with a little selective cache poisoning, you can get anything that is autoproxying to be redirected to the infection server of your choice.

Any browser that installs with this auto proxy detect feature turned on is vulnerable. It's akin to DHCP discovery, your web browser queries another server for proxy setup information, and then blindly accepts it. The tricky part is the details where someone causes computers on your local network to load false information that can send all your traffic through a man-in-the-middle proxy of their choice that can then analyze your traffic and pick out the juicy bits.

If someone can poison your local DNS with false information (WPAD resolution), they can make your web traffic proxy through an external server.

Effective firewalling and proper internal DNS setup can prevent this from being a problem.

How to configure Microsoft DNS and WINS to reserve WPAD registration - kb934864
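Added example to go with the explanation above of how the autodetect lookup works and why reserving the WPAD name in internal DNS (the KB934864 approach) matters. This is not code from the article or from any commenter. It enumerates the hostnames a client's DNS-based proxy autodiscovery would try for a given DNS suffix, separates the ones the organisation can reserve in its own zone from the ones it does not control, and flags any that resolve to an address outside the RFC 1918 private ranges. The devolution order (prefix "wpad." to the suffix, then drop one leading label at a time) follows the WPAD DNS lookup scheme; the point at which a client stops devolving (`min_labels`) is a simplifying assumption, and the zone names and resolver answers are constructed sample data.

```python
"""Audit helper for WPAD exposure.

Given a host's DNS suffix and the organisation's own zone, list the WPAD
hostnames a client would try, say which of them the organisation cannot
reserve, and check constructed resolver answers for non-private addresses.
Added example, not code from the article or its commenters.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# RFC 1918 private ranges; anything else is treated as "not on our LAN".
RFC1918_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class WpadFinding:
    name: str          # hostname the client would query, e.g. wpad.example.com
    zone: str          # DNS suffix that hostname lives in
    outside_org: bool  # True if the org cannot reserve this name in its own DNS


def wpad_candidates(dns_suffix: str, min_labels: int = 2) -> List[str]:
    """Return the WPAD hostnames a client would try, in lookup order.

    A host whose DNS suffix is sales.corp.example.co.nz tries
    wpad.sales.corp.example.co.nz, then wpad.corp.example.co.nz, and so on.
    Devolution stops once the remaining suffix has fewer than min_labels
    labels (assumed stopping rule). With min_labels=2 a .com suffix stops
    short of wpad.com, but a .co.nz suffix still reaches wpad.co.nz, a name
    anyone can register.
    """
    labels = [part for part in dns_suffix.lower().strip(".").split(".") if part]
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def audit_wpad(dns_suffix: str, org_zone: str, min_labels: int = 2) -> List[WpadFinding]:
    """Classify each candidate name as inside or outside the organisation's zone."""
    org = org_zone.lower().strip(".")
    findings = []
    for name in wpad_candidates(dns_suffix, min_labels):
        zone = name[len("wpad."):]
        inside = zone == org or zone.endswith("." + org)
        findings.append(WpadFinding(name=name, zone=zone, outside_org=not inside))
    return findings


def names_to_reserve(dns_suffix: str, org_zone: str, min_labels: int = 2) -> List[str]:
    """Names the org should register (or block) in internal DNS so nothing
    else can answer for them; KB934864 describes the Microsoft DNS/WINS steps."""
    return [f.name for f in audit_wpad(dns_suffix, org_zone, min_labels) if not f.outside_org]


def exposed_names(dns_suffix: str, org_zone: str, min_labels: int = 2) -> List[str]:
    """Names the client would try that the org does not control at all."""
    return [f.name for f in audit_wpad(dns_suffix, org_zone, min_labels) if f.outside_org]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918_NETS)


def nonprivate_answers(answers: Dict[str, Optional[str]]) -> List[Tuple[str, str]]:
    """Given resolver answers for candidate names (None = NXDOMAIN), return the
    (name, ip) pairs that resolve outside RFC 1918 space: a client autodetecting
    its proxy would fetch its proxy script from one of these hosts."""
    return [(name, ip) for name, ip in answers.items() if ip is not None and not is_rfc1918(ip)]


if __name__ == "__main__":
    # Constructed sample: a three-label second-level domain, as in .co.nz.
    suffix, org = "sales.corp.example.co.nz", "example.co.nz"
    print("reserve in internal DNS:", names_to_reserve(suffix, org))
    print("outside our control    :", exposed_names(suffix, org))
    # Constructed resolver results; 203.0.113.0/24 is the TEST-NET-3
    # documentation range, standing in for an arbitrary Internet address.
    answers = {
        "wpad.sales.corp.example.co.nz": None,
        "wpad.corp.example.co.nz": None,
        "wpad.example.co.nz": "10.20.0.5",
        "wpad.co.nz": "203.0.113.7",
    }
    print("would fetch config from non-private host:", nonprivate_answers(answers))
```

Run against your own DNS suffix and zone to get the list of names to reserve; if `exposed_names` is non-empty, the internal resolver should answer for those names (or block them) before any client reaches a name the organisation does not own.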

Stupid crap article. You forgot to quote the most important paragraph.

"The real risk here is, someone else may automatically configure your proxy for you and redirect traffic through their malicious server," said Oliver Friedrichs, Symantec (NSDQ:SYMC) security response director. "A lot of that traffic is encrypted, but the attacker could intercept it and cause it to be unencrypted."

Someone has to reconfigure your computer to do this, plus it's from Symantec. :suspicious:

GreyWolfSC said,
Stupid crap article. You forgot to quote the most important paragraph.

Someone has to reconfigure your computer to do this, plus it's from Symantec. :suspicious:

All of our computers here where I work (and it is a global manufacturing company) use autodetect proxy settings, so would be susceptible if this is real, according to what I read in the article. It doesn't take the malicious person to change proxy settings on local PCs. Just (ab)use the autodetect feature already there on many PCs.

markjensen said,
All of our computers here where I work (and it is a global manufacturing company) use autodetect proxy settings, so would be susceptible if this is real, according to what I read in the article. It doesn't take the malicious person to change proxy settings on local PCs. Just (ab)use the autodetect feature already there on many PCs.

It would require that the proxy server be compromised. On a LAN that's not likely, and it would be pretty difficult to intercept that at your ISP's level too.

The flaw is located in a feature known as Web Proxy Autodiscovery (WPAD), which helps IT administrators automate the configuration of proxy settings in Internet Explorer and other browsers.

Still not sure about Firefox, but I would think it's likely vulnerable as well. Just a guess though.

IceDogg said,

Still not sure about Firefox, but I would think it's likely vulnerable as well. Just a guess though.

Firefox doesn't use the same web proxy settings I don't think, but many other things in Windows do.

This is all nice but I don't get: why not .com .net and .edu?
And just to have mentioned it: .com isn't specifically a U.S. domain since everybody registers a .com TLD nowadays.