Security Hero Rotating Header Image

Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure – 1/9/2008

Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure – 1/9/2008

Revision Note: Advisory Updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as ¡§contoso.co.us¡¨, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

URL: http://www.microsoft.com/technet/security/advisory/945713.mspx

Leave a Reply

Your email address will not be published. Required fields are marked *