Windows Web Proxy Autodiscovery flaw

A flaw in hos IE configures Web proxies could lead to exploitation.

Versions of Microsoft Windows 2000 and Windows Server 2003 use the Web Proxy Autodiscovery Protocol (WPAD) within Internet Explorer. WPAD allows IE to locate a Web proxy's auto-config file and thus configure the browser's proxy settings. The way the system is currently implemented, a malicious user could configured a WINS or DNS proxy server on a site, then when a vulnerable IE browser connects, intercept all subsequent traffic.

Additional Resources

Microsoft: Advisory 934864

FRsirt: 1115

CNET Windows weakness can lead to network traffic hijacks

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.


    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments