Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to poison a DNS cache and conduct spoofing attacks.
1) An error in the Windows DNS server may cause it to not properly reuse cached responses. This can be exploited via specially crafted DNS queries to poison the DNS cache and thus redirect network traffic.
2) An error in the Windows DNS server may cause it to not properly cache DNS responses. This may increase the predictability of subsequent transaction IDs and can be exploited to poison the DNS cache via specially crafted queries sent to the DNS server.
3) The Windows DNS server does not properly validate who can register WPAD entries when dynamic update is used and ISATAP and WPAD are not already registered in DNS. This can be exploited to conduct MitM (Man-in-the-Middle) attacks by registering "WPAD" in the DNS database pointing to a desired IP address.
4) The Windows WINS server does not properly validate who can register WPAD or ISATAP entries. This can be exploited to conduct MitM (Man-in-the-Middle) attacks by registering WPAD or ISATAP in the WINS database pointing to a desired IP address.
Vulnerabilities #3 and #4 may be related to: SA27901
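A defender-side check for item 3, as an added example that is not part of the original advisory: it scans a DNS zone export in zone-file text format for WPAD and ISATAP records, flags targets outside an administrator-supplied allowlist, and reports which of the two names are unregistered (the precondition item 3 describes). The zone contents, the `corp.example` domain, the addresses and the function names are constructed for illustration; WINS (item 4) is not covered.

```python
WATCHED = {"wpad", "isatap"}          # names named in items 3 and 4
TYPES = {"A", "AAAA", "CNAME"}        # record types that can redirect a client

# Constructed sample zone export (not real data).
SAMPLE_ZONE = """\
; constructed zone export for corp.example
$ORIGIN corp.example.
@        3600 IN SOA dc1.corp.example. hostmaster.corp.example. 42 900 600 86400 3600
dc1      3600 IN A   10.0.0.10
proxy    3600 IN A   10.0.0.80
WPAD     1200 IN A   10.0.5.77
isatap   1200 IN A   10.0.0.1
         1200 IN AAAA fd00::1
wpad-old 3600 IN A   10.0.0.81
"""
# Assumed allowlist: targets the administrator deliberately published.
APPROVED = {"wpad": {"10.0.0.80"}, "isatap": {"10.0.0.1"}}

def leftmost(owner):
    return owner.lower().rstrip(".").split(".")[0]

def audit_zone(zone_text, approved):
    """Return (owner, type, target, status) for every WPAD/ISATAP record."""
    findings, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop zone-file comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                # blank line or $ORIGIN/$TTL
        fields = line.split()
        if not raw[0].isspace():                    # leading blank = same owner
            owner = fields.pop(0)
        if owner is None:
            continue                                # continuation with no owner yet
        # skip the optional TTL and class columns before the record type
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() not in TYPES:
            continue
        rtype, target = fields[0].upper(), fields[1].lower().rstrip(".")
        if leftmost(owner) in WATCHED:
            ok = target in approved.get(leftmost(owner), set())
            findings.append((owner, rtype, target, "approved" if ok else "UNEXPECTED"))
    return findings

def unclaimed_names(findings):
    """Watched names with no record at all, i.e. still open to registration."""
    return sorted(WATCHED - {leftmost(f[0]) for f in findings})

if __name__ == "__main__":
    results = audit_zone(SAMPLE_ZONE, APPROVED)
    for row in results:
        print(*row)
    print("unregistered:", unclaimed_names(results))
```
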
Subject: Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities