Microsoft admits man in the middle vulnerability
Written by Stephen Withers
Wednesday, 05 December 2007
Microsoft has confirmed the existence of a Windows vulnerability recently disclosed by New Zealand software engineer Beau Butler.

The WPAD vulnerability was fixed some time ago for domains registered in top level domains such as .com and .net, but not - it turns out - for those in national and other second level domains such as .com.au or .co.nz.

The problem is in the way Windows' web proxy auto-discovery (WPAD) feature works. Using Microsoft's example to illustrate the process, a web client in the western.corp.contoso.co.us domain would start by querying wpad.western.corp.contoso.co.us for a WPAD server. If that failed, it would try wpad.corp.contoso.co.us, and then wpad.contoso.co.us. So far, so good. But if that still fails, the next step is to try wpad.co.us, which is outside the organisation's domain.

This means someone registering wpad in a second level domain could set up a WPAD server that configures clients to use a proxy server under their control. That proxy would then provide its operator with a means of inspecting all the traffic flowing to and from those clients - a clear security issue.
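The devolution walk described above can be checked against an organisation's own primary DNS suffixes. The following is an added example, not code from the article or from Microsoft; the stop-at-two-labels rule is an assumed model of the behaviour the article describes, and `PUBLIC_SUFFIXES` is a small constructed sample rather than the real Public Suffix List.

```python
# Constructed sample of public suffixes; a real audit would load the full
# Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "net", "us", "co.us", "com.au", "co.nz", "co.uk"}


def wpad_candidates(primary_suffix, min_labels=2):
    """Names queried as the suffix is devolved one label at a time.

    Assumed model of the behaviour in the article: devolution stops once
    the suffix is down to min_labels labels.
    """
    labels = primary_suffix.lower().strip(".").split(".")
    names = []
    while len(labels) >= min_labels:
        names.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return names


def registrable_domain(name):
    """Longest matching public suffix plus one label to its left."""
    labels = name.lower().strip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                break  # the name is itself a public suffix
            return ".".join(labels[i - 1:])
    raise ValueError(f"no registrable domain found for {name!r}")


def audit(primary_suffix):
    """Pair each WPAD candidate with True if it stays inside the organisation."""
    org = registrable_domain(primary_suffix)
    return [(n, n.endswith("." + org)) for n in wpad_candidates(primary_suffix)]


def leaked(primary_suffix):
    """Candidates that resolve outside the organisation's own domain."""
    return [n for n, inside in audit(primary_suffix) if not inside]


if __name__ == "__main__":
    for suffix in ("western.corp.contoso.co.us", "corp.contoso.com"):
        print(suffix, "->", leaked(suffix) or "no external lookups")
```

Any name returned by `leaked` is a lookup that leaves the organisation's namespace, which is the case the protective measures listed later in the article are meant to close.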

wpad has already been registered in various namespaces, including .com.au, .co.nz and .co.uk.

The purpose of WPAD is to allow a web client to detect proxy settings without user intervention.

The vulnerability affects Windows 2000, XP, 2003 and Vista, and Internet Explorer 5, 6, and 7. Software from other vendors may also be affected if they use this feature.

Most home users would not have a primary DNS suffix configured, and so are not affected by the vulnerability, according to Microsoft.

While the company works to develop a patch for the problem, it suggests other customers take various protective measures including setting up a WPAD server within the organisation, configuring Internet Explorer so it does not attempt to automatically detect settings, disabling DNS devolution, and configuring a domain suffix search list.


