Microsoft unveils Windows network hack

Mar 27, 2007 08:09 GMT

Microsoft has unveiled details related to a Windows network hack that can potentially allow an attacker to route Internet traffic through a malicious proxy server. According to the Redmond company, Windows Server 2003 and Windows 2000 are the only operating systems impacted by this issue. Microsoft has published a knowledge base article detailing the necessary steps for the configuration of DNS and WINS in order to reserve WPAD registration.

"Client software that is configured to use Web Proxy Automatic Discovery (WPAD) must be able to contact a host that serves a proxy automatic configuration file (Wpad.dat). A WPAD-configured client can use several methods to locate a host that contains a Wpad.dat file. Two of these methods require a WPAD entry to be registered in Domain Name System (DNS) or in Windows Internet Naming Service (WINS). Registering a WPAD entry in DNS or in WINS enables clients to resolve names of hosts that contain proxy automatic configuration files," reads the introduction of KB article 934864.

An attacker may manage to register a WPAD entry in DNS or in WINS that resolves to a host serving a malicious Wpad.dat file; WPAD clients would then route their Internet traffic through the attacker's proxy server. In order to prevent such a scenario, static WPAD DNS host names and WPAD WINS name records must be reserved. This action will be sufficient to deny any malicious registrations.

Microsoft additionally provides information about the steps that need to be taken in order to reserve both static WPAD DNS host names and WPAD WINS name records in KB article 934864.
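As an added example (not taken from the KB article or from Microsoft), the following sketch audits an export of DNS records and reports, per zone, whether the WPAD name is reserved as a static record pointing at an approved host. The record layout, the zone names and the approved-target list are assumptions made for illustration; it covers DNS only, not WINS.

```python
# Added example: audit exported DNS records for the WPAD reservation state.
# The record layout (zone/name/type/data/static) is an assumed export format.

# Constructed sample records, not real data.
SAMPLE_RECORDS = [
    {"zone": "corp.example", "name": "wpad", "type": "A", "data": "10.0.0.5", "static": True},
    {"zone": "corp.example", "name": "www", "type": "A", "data": "10.0.0.9", "static": True},
    {"zone": "lab.example", "name": "WPAD", "type": "A", "data": "10.9.9.77", "static": False},
    {"zone": "dmz.example", "name": "wpad", "type": "CNAME", "data": "proxy.dmz.example.", "static": True},
    {"zone": "branch.example", "name": "mail", "type": "A", "data": "10.2.0.3", "static": True},
]
APPROVED_TARGETS = {"10.0.0.5"}  # hosts allowed to serve Wpad.dat (assumed)


def audit_wpad(records, approved_targets):
    """Return {zone: finding} describing the state of each zone's WPAD name."""
    approved = {t.rstrip(".").lower() for t in approved_targets}
    zones = {}
    for rec in records:
        zone = rec["zone"].rstrip(".").lower()
        zones.setdefault(zone, [])  # remember the zone even if it has no WPAD record
        is_host_record = rec["type"].upper() in ("A", "AAAA", "CNAME")
        if rec["name"].lower() == "wpad" and is_host_record:
            zones[zone].append(rec)

    findings = {}
    for zone, wpad_recs in sorted(zones.items()):
        if not wpad_recs:
            # Name is free: a dynamic registration could claim it.
            findings[zone] = "UNRESERVED"
        elif any(not r["static"] for r in wpad_recs):
            # Name exists but was registered dynamically, not reserved.
            findings[zone] = "DYNAMIC"
        elif any(r["data"].rstrip(".").lower() not in approved for r in wpad_recs):
            # Static, but resolves somewhere other than an approved host.
            findings[zone] = "UNAPPROVED_TARGET"
        else:
            findings[zone] = "OK"
    return findings


if __name__ == "__main__":
    for zone, finding in audit_wpad(SAMPLE_RECORDS, APPROVED_TARGETS).items():
        print(f"{zone:16} {finding}")
```

Any finding other than OK marks a zone where the reservation described above is missing or needs review.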