A security issue has been reported in Microsoft's Web Proxy Auto-Discovery (WPAD) feature, which can be exploited by malicious people to conduct man-in-the-middle (MITM) attacks.
The problem is that the WPAD feature resolves "wpad" hostnames up to the second-level domain, which is potentially untrusted. This can be exploited to conduct man-in-the-middle attacks against third-level or deeper domains.
Successful exploitation requires e.g. that the system has a primary DNS suffix configured (please see the vendor's advisory for details and other mitigating factors).
Solution: The vendor has provided various workarounds. Please see the vendor's advisory for details.
Provided and/or discovered by: The vendor credits Beau Butler.
Original Advisory: Microsoft (KB945713):
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: Microsoft Web Proxy Auto-Discovery Feature Security Issue
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.