Microsoft warns of web proxy flaw

Microsoft warns of web proxy flaw


Possible risk of 'man-in-the-middle' attack

Microsoft has reported a flaw in the way Windows and Internet Explorer handle web proxy auto discover (WPAD) connections.

WPAD servers are used to deliver connecting computers with web proxy information.
Microsoft said that the problem occurs when the WPAD servers for third-level domains (such as .co.uk) and deeper cannot be found. The user is then redirected to a WPAD server for a higher domain.

This can eventually lead the user to access a WPAD server outside the intended domain, possibly to one that has been compromised by a hacker.

All current versions of Windows and Internet Explorer are affected by the flaw, which was discovered by researcher Beau Butler. Microsoft has not received any reports of attacks targeting the vulnerability in the wild.

Users can mitigate the problem by disabling 'automatically detect settings' in Internet Explorer. Microsoft noted that users whose ISP uses a connection specific DNS suffix are not affected.

Sites which use a top-level domain, such as .com or .gov, are not at risk neither are those with a trusted WPAD server.

Microsoft said that it is investigating the issue, but did not say when a patch would be released. The company's next scheduled security update is on 11 December.