Windows Web Proxy Autodiscovery flaw

A flaw in hos IE configures Web proxies could lead to exploitation.

Versions of Microsoft Windows 2000 and Windows Server 2003 use the Web Proxy Autodiscovery Protocol (WPAD) within Internet Explorer. WPAD allows IE to locate a Web proxy's auto-config file and thus configure the browser's proxy settings. The way the system is currently implemented, a malicious user could configured a WINS or DNS proxy server on a site, then when a vulnerable IE browser connects, intercept all subsequent traffic.

Additional Resources

Microsoft: Advisory 934864

FRsirt: 1115

CNET weakness can lead to network traffic hijacks

Featured Video

Walmart's five buck LED is one of the brightest we've tested

For basic lighting needs, this bulb looks like a solid pick, but its dimming performance leaves a lot to be desired.

by Ry Crist