Wednesday, March 28, 2007

Microsoft Releases Attack Advisory For WPAD Protocol

Sharon Gaudin writes on InformationWeek:

Microsoft released a security advisory on Wednesday, warning users about a new attack on the Web Proxy Automatic Discovery protocol (WPAD).

The government Internet threat alert center -- U.S.-CERT -- is advising users that an attacker with the ability to register a WPAD entry in a Domain Name System (DNS) or Windows Internet Naming Service (WINS) server may be able to cause a WPAD-configured client to resolve to an arbitrary host and retrieve the malicious WPAD.dat file. This may allow an attacker access to the client's traffic by routing it through a malicious proxy server.

More here.

0 Comments:

Post a Comment

<< Home