Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
March 28, 2007
1 Min Read
Microsoft released a security advisory on Wednesday, warning users about a new attack on the Web Proxy Automatic Discovery protocol (WPAD).
The government Internet threat alert center -- U.S.-CERT -- is advising users that an attacker with the ability to register a WPAD entry in a Domain Name System (DNS) or Windows Internet Naming Service (WINS) server may be able to cause a WPAD-configured client to resolve to an arbitrary host and retrieve the malicious WPAD.dat file. This may allow an attacker access to the client's traffic by routing it through a malicious proxy server.
The U.S. advisory group recommended that network administrators reserve static WPAD DNS host names and WPAD WINS name records.
A Microsoft advisory explained that client software configured to use WPAD must be able to contact a host that serves a proxy automatic configuration file (Wpad.dat). A WPAD-configured client can use several methods to locate a host that contains a Wpad.dat file. Two of these methods, Microsoft noted, require a WPAD entry to be registered in DNS or in WINS.
The attack could affect 20 different Microsoft products, including 16 versions of Windows Server 2003, several versions of Windows 2000, and Microsoft Small Business Server 2000 Standard Edition.
You May Also Like
Integrations to automate your framework compliance: ISO 27001, SOC 2, and NIST CSF
Navigating the ISO 27001 compliance journey
Edge Computing Bridges IT and OT People, Process, and Technology
10 Considerations to Building Hybrid Mesh Firewall
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Accelerationâ€‹