Microsoft embarked on patching an 8-year-old Web proxy
Microsoft embarked on patching an existing vulnerability 8 in Windows, which "helps" hackers exploit the Web proxy's automatic configuration protocol and manage computers through a single attack. public.
This vulnerability was discovered in 1999 and experts believe it may never be officially patched.
This vulnerability affects all versions of Windows including Vista, but computers in the US are not affected. Microsoft has reported a patch for this "8-year-old" vulnerability to protect computers that use the '.com' domain name. However, this patch does not work for machines that use the same domain as the national system such as .nz (New Zealand) or .uk (United Kingdom).
WPAD is the method used by web browsers to determine the proxy configuration file - wpad.dat file - used to configure proxy settings for web browsers. The role of this error is to allow the configuration file to be removed, leaving the security of the intranet, thereby paving the way for an attacker to execute the request and open a browser configuration file, then do the job. prevent and edit user web traffic.
Windows' WPAD feature is designed so that administrators do not need to configure browser proxy settings for each individual computer manually. All are configured WPAD automatically without user tracking.
Last week, Beau Butler, who was known as Oddy and the title of "righteous hacker", presented further discoveries about the WPAD vulnerability at the annual Kiwicon conference held in New Zealand. Butler told conference attendees and Australia's The Age website that he found 160,000 computers in New Zealand using the .nz domain that encountered the WPAD vulnerability. The Age has said Microsoft has asked them not to publish details of the threat to prevent cybercriminals from using them to control workstations. Microsoft confirms that this is a serious problem.
However, some details about this error can still be found by performing a simple query on Microsoft's own Live Search search page. In addition, Microsoft also described how WPAD works on the Knowledge Base page.
In the summary at the Kiwicon conference, Oddy (Butler) also ' explained all the methods in the networks that can be configured to create a WPAD vulnerability '. According to information from the Microsoft website ' WPAD allows services to identify an active proxy server by querying a DHCP option (dynamic server configuration protocol) or by specifying a specific DNS record '
Web hosting expert Duane Wessels - who helped develop Squid, a highly enforced proxy server - had a website explaining vulnerabilities to users. ' It basically works as follows: When the browser is opened, it will issue a DNS address search for' wpad.foo.com 'with' foo.com 'being the computer's domain name. Due to Microsoft's error, some browsers will search for 'wpad.com', this is my server , 'he wrote on his website.
In fact, DNS search only happens when DHCP is not disturbed by the wpad.dat file. DNS is the next option and the search for 'wpad.com' happens as a consequence of WPAD. The DNS hierarchy will look up the address of the wpad.dat proxy configuration file. Typical WPAD can be approximated to find exactly within the company intranet, but for country-level domains the search process will be biased and it will automatically search outside the organization's network. .
Regardless of how far the search location expands, once the wpad.dat file is successfully identified, the browser will make a connection and retrieve the file to the browser configuration. If a hacker succeeds in placing his wpad.dat file into the browser configuration, the attacker can point the browser to his proxies, blocking and modifying all the browser HTTP traffic.
- Microsoft, Amazon embarked on support for HD DVD
- Change IP continuously by
- Dell shook up Microsoft-Novell alliance
- How much income does Microsoft CEO have for a year?
- 10 most surprising of Microsoft in 2005
- Installing and configuring the 2004 ISA Server Firewall - Chapter 3
- Video: How is the $ 30,000 tire of giant trucks patched?
- Microsoft is committed to continuing to support IE6
- Microsoft will have great discounts on the Xbox 360 by the end of the year
- Microsoft: Windows 7 plans to sell 177 million copies by the end of the year
- Microsoft will continue to offer to buy Yahoo
- Halo 3, Vista pushed Microsoft revenue up 27%