Microsoft Windows Web Proxy Automatic Discovery (WPAD) Vulnerability
- Type: Logic error
- Impact of exploitation: Information disclosure
- User Interaction: No user interaction is needed
- Attack Vector: Malicious remote network traffic
- Rating: Medium
- CVE reference: CVE-2007-5355
- Vendor Status: Responded, not patched
- Vulnerable systems: Windows XP SP0 - SP2, Windows 2003 SP0 - SP2, Windows Vista SP0
- Summary: A vulnerability is present in Microsoft Windows that may allow for disclosure of sensitive information.
Description
Microsoft Windows is an industry-standard operating system. The Microsoft Web Proxy Automated Discovery (WPAD) protocol allows for automated discovery of a local network proxy. A vulnerability exists in Microsoft Windows that may allow for an information disclosure attack. The flaw lies in the Web Proxy Automated Discovery protocol functionality. Successful exploitation could allow third-level domains to not be connected with the trusted domain in specific instances. It has been reported that exploitation is limited to victims outside of the United States.
McAfee Product Mitigation & Recommendations
Recommendations
Microsoft partially patched this vulnerability for domains ending in .com: http://www.microsoft.com/technet/security/bulletin/ms99-054.mspx
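Why a fix scoped to .com leaves other suffixes exposed can be checked against a host inventory. The following is an added example, not code from McAfee or Microsoft: it assumes the client looks for a wpad host by walking up its own DNS suffix and stops at two labels, and the function names and example.* hosts are constructed for illustration.

```python
# Added example: models DNS suffix devolution for WPAD lookups (assumed behaviour).
# Host names and domains below are constructed samples.

def wpad_candidates(fqdn, min_labels=2):
    """Return the wpad.<suffix> names a devolving client would try, most specific first.

    Assumption: the client drops the host label, then strips one label at a
    time and stops once the suffix has fewer than min_labels labels.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    suffix = labels[1:]                      # drop the host label
    names = []
    while len(suffix) >= min_labels:
        names.append("wpad." + ".".join(suffix))
        suffix = suffix[1:]                  # devolve one level up
    return names


def escaping_lookups(fqdn, org_domain, min_labels=2):
    """Return candidate WPAD names that fall outside org_domain.

    Any name returned here is resolved in a zone the organization does not
    control, so the answer to the proxy lookup is outside its trust boundary.
    """
    org = org_domain.rstrip(".").lower()
    outside = []
    for name in wpad_candidates(fqdn, min_labels):
        zone = name[len("wpad."):]
        if zone != org and not zone.endswith("." + org):
            outside.append(name)
    return outside


def audit(hosts):
    """Map each (fqdn, org_domain) pair to its out-of-boundary WPAD names."""
    return {fqdn: escaping_lookups(fqdn, org) for fqdn, org in hosts}


if __name__ == "__main__":
    SAMPLE_HOSTS = [  # constructed inventory
        ("pc1.sales.example.com", "example.com"),
        ("pc1.sales.example.co.uk", "example.co.uk"),
    ]
    for host, leaks in audit(SAMPLE_HOSTS).items():
        print(host, "->", leaks or "no lookups leave the organization's domain")
```

Under this model the .com host never queries above its own organization, while the host whose organization sits at the third level does.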
McAfee Product Mitigation
McAfee Foundstone
An upcoming Foundstone vulnerability check can be used to assess whether your systems are vulnerable and is expected to identify vulnerable systems accurately in many enterprise environments.
- Signature: Microsoft Windows Web Proxy Automatic Discovery (WPAD) Vulnerability
- Release date: 12/11/2007
Additional Resources
Microsoft on the hunt for 'serious' Windows flaw
http://www.theregister.co.uk/2007/11/26/wpad_vuln_investigated/
Flaw leaves Microsoft looking like a turkey
http://www.smh.com.au/news/technology/microsoft-flaw-a-massive-shock/2007/11/23/1195975914416.html
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
http://www.microsoft.com/technet/security/advisory/945713.mspx
Timeline
12/3/2007
The vendor has supplied details about the vulnerability.
11/26/2007
Vulnerability information has been publicly disclosed.