Windows vulnerability could lead to more online attacks

A report by IT Business Canada describes how "a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks."

In theory, all Windows operating systems could potentially be compromised, and Microsoft is said to be working hard to solve the issue. However, it has not found any attacks in the wild.

The flaw was rediscovered at the recent Kiwicon hacker conference in New Zealand, where a method for using the PlayStation 3 as a password-cracking device was also unveiled.

Below is Microsoft's advisory for the vulnerability:

Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN).

The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD).

Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time.

Customers whose domain name begins in a third-level or deeper domain, such as "contoso.co.us", or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

Mitigating Factors:
• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.
• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are customer registered SLDs under their respective ".com" and ".gov" TLDs.
• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.
• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability.
• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
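
The advisory's criteria for affected domain names can be checked mechanically. The following is an added example, not code from Microsoft or from the original article. It assumes classic Windows suffix devolution (the leftmost label of the primary DNS suffix is stripped on each retry until two labels remain), and the function names and the `registered_domain` parameter are hypothetical.

```python
# Added example (not from the advisory): audit a primary DNS suffix for
# WPAD lookups that would leave the organisation's registered domain.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring empty parts."""
    return [part for part in name.lower().strip(".").split(".") if part]

def devolved_wpad_names(primary_suffix):
    """Names queried for the short host name 'wpad' under suffix devolution.

    Assumption: the full primary DNS suffix is tried first, then the leftmost
    label is stripped on each retry until only two labels remain.
    """
    labels = _labels(primary_suffix)
    names = []
    while labels:
        names.append("wpad." + ".".join(labels))
        if len(labels) <= 2:
            break
        labels = labels[1:]
    return names

def names_outside_org(primary_suffix, registered_domain):
    """Return devolved WPAD names that are not under registered_domain.

    registered_domain is the name the organisation actually registered
    (supplied by the auditor). An empty list means every lookup stays
    inside the organisation's own namespace.
    """
    if not _labels(primary_suffix):
        return []  # no primary DNS suffix configured: nothing is devolved
    org = ".".join(_labels(registered_domain))
    suffix = ".".join(_labels(primary_suffix))
    if suffix != org and not suffix.endswith("." + org):
        raise ValueError("primary suffix is not inside the registered domain")
    return [n for n in devolved_wpad_names(suffix) if not n.endswith("." + org)]

if __name__ == "__main__":
    # Constructed inputs, reusing the example names from the advisory.
    for suffix, org in [("corp.contoso.co.us", "contoso.co.us"),
                        ("contoso.com", "contoso.com"),
                        ("", "contoso.com")]:
        print(repr(suffix), "->", names_outside_org(suffix, org) or "no exposure")
```

A non-empty result lists the WPAD host names that resolve in a zone the organisation does not control; the remaining mitigating factors (a trusted WPAD server, a proxy specified manually or via DHCP, auto-detection disabled) still have to be checked on the host itself.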
