Windows Web Proxy Autodiscovery flaw

A flaw in hos IE configures Web proxies could lead to exploitation.

Versions of Microsoft Windows 2000 and Windows Server 2003 use the Web Proxy Autodiscovery Protocol (WPAD) within Internet Explorer. WPAD allows IE to locate a Web proxy's auto-config file and thus configure the browser's proxy settings. The way the system is currently implemented, a malicious user could configured a WINS or DNS proxy server on a site, then when a vulnerable IE browser connects, intercept all subsequent traffic.

Additional Resources

Microsoft: Advisory 934864

FRsirt: 1115

CNET News.com:Windows weakness can lead to network traffic hijacks

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with hoarding photos on your phone

Do you have hundreds (or thousands) of photos on your phone? This one's for you.

by Sharon Profis