
Windows vulnerability could lead to more online attacks

A report by IT Business Canada describes how "a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks."

In theory, all Windows operating systems could potentially be compromised, and Microsoft is said to be working hard to solve the issue. However, the company has not found any attacks in the wild.

The flaw was rediscovered at the recent Kiwicon hacker conference in New Zealand, where a method for using the PlayStation 3 as a password-cracking device was also unveiled.

Below is Microsoft's advisory for the vulnerability:

Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN).

The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD).

Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time.

Customers whose domain name begins in a third-level or deeper domain, such as "contoso.co.us", or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

Mitigating Factors:
• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.
• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are customer registered SLDs under their respective ".com" and ".gov" TLDs.
• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.
• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability.
• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
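
The following is an added example, not part of Microsoft's advisory or of the original article: a check an administrator could run against a host's primary DNS suffix to see whether the first two mitigating factors apply. It assumes that suffix devolution strips one leading label at a time and stops when two labels remain, and that the administrator supplies the organisation's registered domain; the function names and sample suffixes are constructed.

```python
# Added illustration. Function names and sample suffixes are constructed;
# the devolution rule (strip one label at a time, stop at two labels) is
# the assumption stated in the lead-in.

def wpad_devolution_candidates(primary_suffix):
    """Names tried for the unqualified host 'wpad' as the primary DNS
    suffix is devolved. Empty suffix: no lookups (first mitigating factor)."""
    labels = [l for l in primary_suffix.strip(".").lower().split(".") if l]
    if not labels:
        return []
    stop = min(2, len(labels))  # devolution never goes below two labels
    return ["wpad." + ".".join(labels[i:])
            for i in range(len(labels) - stop + 1)]


def names_outside_org(primary_suffix, registered_domain):
    """Candidate WPAD names that are not inside the organisation's own
    registered domain, i.e. names someone else could register and answer for."""
    reg = registered_domain.strip(".").lower()
    outside = []
    for name in wpad_devolution_candidates(primary_suffix):
        parent = name[len("wpad."):]
        if parent != reg and not parent.endswith("." + reg):
            outside.append(name)
    return outside


if __name__ == "__main__":
    # Constructed inventory: (primary DNS suffix, registered domain)
    hosts = [
        ("corp.contoso.co.us", "contoso.co.us"),  # third-level registration
        ("corp.contoso.com", "contoso.com"),      # SLD directly under a TLD
        ("", "contoso.com"),                      # no primary DNS suffix
    ]
    for suffix, reg in hosts:
        risky = names_outside_org(suffix, reg)
        status = "AT RISK via " + ", ".join(risky) if risky else "not exposed"
        print(f"{suffix or '(none)':22} {status}")
```

A host reported as exposed may still be covered by the remaining mitigating factors (a proxy specified via DHCP or DNS, a trusted WPAD server, or automatic detection disabled), which this check does not inspect.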

Désiré Athow
Contributor
