12:13 PM

Microsoft Releases Attack Advisory For WPAD Protocol

An attacker could gain access to the client's traffic by routing it through a malicious proxy server.

Microsoft released a security advisory on Wednesday, warning users about a new attack on the Web Proxy Automatic Discovery protocol (WPAD).

The government Internet threat alert center -- U.S.-CERT -- is advising users that an attacker with the ability to register a WPAD entry in a Domain Name System (DNS) or Windows Internet Naming Service (WINS) server may be able to cause a WPAD-configured client to resolve to an arbitrary host and retrieve the malicious WPAD.dat file. This may allow an attacker access to the client's traffic by routing it through a malicious proxy server.

The U.S. advisory group recommended that network administrators reserve static WPAD DNS host names and WPAD WINS name records.

A Microsoft advisory explained that client software configured to use WPAD must be able to contact a host that serves a proxy automatic configuration file (Wpad.dat). A WPAD-configured client can use several methods to locate a host that contains a Wpad.dat file. Two of these methods, Microsoft noted, require a WPAD entry to be registered in DNS or in WINS.

The attack could affect 20 different Microsoft products, including 16 versions of Windows Server 2003, several versions of Windows 2000, and Microsoft Small Business Server 2000 Standard Edition.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of June 21, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.