But there is a range of mitigations in place

Dec 4, 2007 10:11 GMT

Internet Explorer 7, the browser version that ships by default as a component of both the 32-bit and 64-bit editions of the Windows Vista operating system, can serve as an open avenue for attacks, provided that the necessary proxy settings are in place. Microsoft issued a security advisory confirming the existence of a vulnerability in Web Proxy Auto-Discovery (WPAD). According to Microsoft, a successful exploit could lead to information disclosure. However, IE7 in Vista is not the only browser impacted by the security flaw.

"(...) [The] vulnerability [is associated with] the way Microsoft Windows XP SP2, Windows Server 2003 SP1, Windows Server 2003 SP2 and Windows Vista find a Web Proxy Automatic Discovery (WPAD) server. This vulnerability also affects supported versions of Internet Explorer. At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue," explained Tim Rains, from the Security Response Communications Team, at Microsoft.

The Redmond company listed several mitigating factors that, when in place, protect end users from attacks targeting the vulnerability in Web Proxy Auto-Discovery. For the most part, the added layers of protection simply involve specific proxy configurations, and nothing more. For example, having the 'Automatically Detect Settings' option in Internet Explorer disabled is a shield against the security hole.

End users who have manually entered the proxy server data in IE are also safe from attacks. On top of these examples, Microsoft said that WPAD servers, proxy server settings delivered via DHCP or DNS, DNS domain names that are second-level domains (SLD) directly under a top-level domain (TLD), and the lack of a primary DNS suffix are all mitigations against the vulnerability. Otherwise, all users are impacted by the flaw.

"Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). (...) Customers whose domain name begins in a third-level or deeper domain, or for whom the following mitigating factors do not apply, are at risk from this vulnerability," the Redmond company revealed.
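
As an added example (not from the article or from Microsoft), the Python sketch below checks a client's settings against the mitigating factors listed above and flags clients to which none applies. The `ProxyConfig` fields, host names and suffixes are constructed, treating any one factor as sufficient follows the article's reading, and the label-by-label lookup order in `wpad_candidates` is an assumption about how the unqualified name is expanded.

```python
from dataclasses import dataclass

@dataclass
class ProxyConfig:
    """Constructed model of one client; field names are hypothetical."""
    auto_detect: bool            # IE 'Automatically Detect Settings' enabled
    manual_proxy: bool           # proxy server entered by hand in IE
    proxy_via_dhcp_or_dns: bool  # proxy settings supplied via DHCP or DNS
    wpad_server_present: bool    # a WPAD server exists for this client
    primary_dns_suffix: str      # "" when no primary DNS suffix is set

def suffix_labels(suffix):
    return [p for p in suffix.strip(".").lower().split(".") if p]

def wpad_candidates(suffix):
    """Names queried for the unqualified host 'wpad'. Assumption: the
    resolver drops the leftmost suffix label per step, stopping at two."""
    labels = suffix_labels(suffix)
    stop = range(max(len(labels) - 1, 1))
    return ["wpad." + ".".join(labels[i:]) for i in stop] if labels else []

def assess(cfg):
    """Return (at_risk, mitigations) from the factors the article lists."""
    found = []
    if not cfg.auto_detect:
        found.append("Automatically Detect Settings disabled")
    if cfg.manual_proxy:
        found.append("proxy entered manually")
    if cfg.proxy_via_dhcp_or_dns:
        found.append("proxy settings via DHCP or DNS")
    if cfg.wpad_server_present:
        found.append("WPAD server present")
    depth = len(suffix_labels(cfg.primary_dns_suffix))
    if depth == 0:
        found.append("no primary DNS suffix")
    elif depth == 2:
        found.append("second-level domain under a TLD")
    return (not found, found)

if __name__ == "__main__":
    fleet = {  # constructed sample hosts and suffixes
        "ws-01": ProxyConfig(True, False, False, False, "corp.example.co.uk"),
        "ws-02": ProxyConfig(True, False, False, False, "example.com"),
        "ws-03": ProxyConfig(False, True, False, False, "corp.example.co.uk"),
    }
    for host, cfg in fleet.items():
        at_risk, why = assess(cfg)
        print(host, "AT RISK" if at_risk else "mitigated: " + "; ".join(why))
        if at_risk:
            print("  review lookups:", wpad_candidates(cfg.primary_dns_suffix))
```

For a flagged client, the printed names are the lookups to confirm against DNS servers the organization controls.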