Wednesday, 05 December 2007 05:44

Microsoft admits man in the middle vulnerability

By Stephen Withers
Microsoft has confirmed the existence of a Windows vulnerability recently disclosed by New Zealand software engineer Beau Butler.

The WPAD vulnerability was fixed some time ago for domains registered in top level domains such as .com and .net, but not - it turns out - for those in national and other second level domains such as .com.au or .co.nz.

The problem is in the way Windows' web proxy auto-discovery (WPAD) feature works. Using Microsoft's example to illustrate the process, a web client in the western.corp.contoso.co.us domain would start by querying wpad.western.corp.contoso.co.us for a WPAD server. If that failed, it would try wpad.corp.contoso.co.us, and then wpad.contoso.co.us. So far, so good. But if that still fails, the next step is to try wpad.co.us, which is outside the organisation's domain.

This means someone registering wpad in a second level domain could set up a WPAD server that configures clients to use a proxy server under their control. That proxy would then provide its operator with a means of inspecting all the traffic flowing to and from those clients - a clear security issue.
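To make the devolution sequence concrete, here is a small Python model (added for this article, not Microsoft's code) that lists the wpad.* names a client with a given primary DNS suffix would query, and flags those that fall outside the organisation's own domain; the organisation domain is an assumed input, and the example mirrors the suffix-search-list mitigation by filtering the candidate list down to in-organisation names.

```python
# Added example: model WPAD DNS devolution as described in the article and
# flag the candidate names that fall outside the organisation's own domain.
# The domain names used below are the article's constructed examples.

from typing import List


def wpad_candidates(primary_dns_suffix: str) -> List[str]:
    """Return the wpad.* hostnames a devolving client queries, in order.

    Devolution drops the leftmost label at each step. The article's example
    ends at wpad.co.us (two labels), and the earlier fix already stopped the
    client short of a bare top-level domain such as wpad.com, so the loop
    continues while at least two labels remain.
    """
    labels = primary_dns_suffix.strip(".").lower().split(".")
    candidates = []
    while len(labels) >= 2:
        candidates.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return candidates


def outside_org(candidate: str, org_domain: str) -> bool:
    """True if the candidate is not at or beneath the organisation's domain."""
    suffix = candidate[len("wpad."):]
    org = org_domain.strip(".").lower()
    return not (suffix == org or suffix.endswith("." + org))


def risky_candidates(primary_dns_suffix: str, org_domain: str) -> List[str]:
    """Names the client would query that an outsider could register."""
    return [c for c in wpad_candidates(primary_dns_suffix)
            if outside_org(c, org_domain)]


def safe_candidates(primary_dns_suffix: str, org_domain: str) -> List[str]:
    """What a suffix search list confined to the organisation would allow."""
    return [c for c in wpad_candidates(primary_dns_suffix)
            if not outside_org(c, org_domain)]


if __name__ == "__main__":
    for name in wpad_candidates("western.corp.contoso.co.us"):
        flag = "OUTSIDE ORG" if outside_org(name, "contoso.co.us") else "ok"
        print(f"{name:40} {flag}")
```

Running it prints the four names from Microsoft's example, with only wpad.co.us marked as outside the organisation; the same client under contoso.com produces no such name, which is why .com and .net domains were already covered by the earlier fix.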

wpad has already been registered in various namespaces, including .com.au, .co.nz and .co.uk.

The purpose of WPAD is to allow a web client to detect proxy settings without user intervention.

The vulnerability affects Windows 2000, XP, 2003 and Vista, and Internet Explorer 5, 6, and 7. Software from other vendors may also be affected if they use this feature.

Most home users would not have a primary DNS suffix configured, and so are not affected by the vulnerability, according to Microsoft.

While the company works to develop a patch for the problem, it suggests other customers take various protective measures including setting up a WPAD server within the organisation, configuring Internet Explorer so it does not attempt to automatically detect settings, disabling DNS devolution, and configuring a domain suffix search list.

Stephen Withers
Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.