
Tim Rains, Microsoft security response communications lead, said today that his company has received no reports of public exploitation of the flaw.
Microsoft users who do not have a primary DNS (Domain Name system) suffix configured on their system, whose DNS domain name is registered as a second-level domain or who have specified a proxy server via DHCP (Dynamic Host Configuration Protocol) server settings are not affected by the flaw.
The vulnerability also does not affect customers who have a trusted WPAD server, who have manually specified a proxy server in IE, or who have disabled the “Automatically Detect Settings” option in IE.
Microsoft credited Beau Butler with reporting the flaw.
See original article on SC Magazine US