Technology news and Jobs 
Information Technology News Microsoft admits man in the middle vulnerability
Information Technology News Microsoft admits man in the middle vulnerability | Microsoft admits man in the middle vulnerability |
|
|
| by Stephen Withers | |
| Wednesday, 05 December 2007 | |
|
The problem is in the way Windows' web proxy auto-discovery (WPAD) feature works. Using Microsoft's example to illustrate the process, a web client in the western.corp.contoso.co.us domaim would start by querying wpad.western.corp.contoso.co.us for a WPAD server. If that failed, it would try wpad.corp.contoso.co.us, and then wpad.contoso.co.us. So far, so good. But if that still fails, the next step is to try wpad.co.us, which is outside the organisation's domain. This means someone registering wpad in a second level domain could set up a WPAD server that configures clients to use a proxy server under their control. That proxy would then provide its operator with a means of inspecting all the traffic flowing to and from those clients - a clear security issue. wpad has already been registered in various namespaces, including .com.au, .co.nz and .co.uk. The purpose of WPAD is to allow a web client to detect proxy settings without user intervention. The vulnerability affects Windows 2000, XP, 2003 and Vista, and Internet Explorer 5, 6, and 7. Software from other vendors may also be affected if they use this feature. Most home users would not have a primary DNS suffix configured, and so are not affected by the vulnerability, according to Microsoft. While the company works to develop a patch for the problem, it suggests other customers take various protective measures including setting up a WPAD server within the organisation, configuring Internet Explorer so it does not attempt to automatically detect settings, disabling DNS devolution, and configuring a domain suffix search list.
Get stories like this delivered daily - FREE - subscribe now
|
Tags
| < Next story in category | Previous story in the category > |
|---|
