iTnews

Vulnerability discovered that could allow 'man-in-the-middle' attacks on Windows DNS servers

By SC Australia Staff on Mar 17, 2009 10:48AM

A Microsoft vulnerability has been detected that affects the DNS server and Web Proxy Autodiscovery (WPAD) Protocol registration.

A Microsoft vulnerability has been detected that affects the DNS server and Web Proxy Autodiscovery (WPAD) Protocol registration.

 

Luis Corrons at Panda Labs claimed that it is a service that allows automatic configuration of proxy settings of the computers within a network without user intervention.

 

It can also be used to launch ‘man-in-the-middle' attacks on Windows DNS servers, as the web browsers of the PCs in the network are configured through these WPAD entries, so a user that is getting the proxy configuration automatically could be redirected to a malicious proxy and the attacker will have access to all the traffic of the user.

 

Corrons claimed: “To perform this attack, the attacker could insert a WPAD entry in the DNS server when dynamic updates are enabled. Once created these values in the registry, if anyone tries to launch a ‘man-in-the-middle' attack it won't succeed, as the system will block petitions to the WPAD entry, unless this entry had not been created before applying the patch.

 

“Usually, if you are vulnerable to an attack and you patch the system you feel safe. For instance, all of you know about Conficker, which infects the system using the vulnerability MS08-067. Even if you have been previously infected, you can apply the patch and you won't be infected anymore through this vulnerability.

 

“However, in the case of MS09-008 patch it doesn't work in the same way; even if we have applied the patch, if we were already attacked through this vulnerability, it doesn't solve the problem and the ‘man-in-the-middle' attacks will continue. Why? Because in that case the data in the value GlobalQueryBlockList created when the patch is applied is ‘isatap' instead of ‘wpad isatap', so the queries to WPAD are not being blocked.”

 

Microsoft's Bill Sisk claimed that it had thoroughly reviewed these reports, and said ‘customers who've deployed this update are protected from the four vulnerabilities outlined in the bulletin'.

 

He also claimed that Microsoft was currently not aware of any attacks, and said: “We've also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the security update addresses them.

 

“Again, I want to assure you that MS09-008 protects from potential attacks that could exploit the vulnerabilities outlined in the bulletin.”



 
See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
dnsmicrosoftpandasecurityserversvulnerabilitywindows

Partner Content

Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
The case for postponing mainframe migration has eroded
Partner Content The case for postponing mainframe migration has eroded
Top 5 Benefits of Managed IT Services
Promoted Content Top 5 Benefits of Managed IT Services
Alienated from your own data? You’re not alone
Promoted Content Alienated from your own data? You’re not alone

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By SC Australia Staff
Mar 17 2009
10:48AM
0 Comments

Related Articles

  • Active Directory defaults lead to no-fix PrivEsc vulnerability
  • 'Single account' compromise led to Microsoft's Lapsus$ code leak
  • Exchange Server code execution vulnerability patched
  • Researchers patch Microsoft's 'Petitpotam' vulnerability patch
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'
Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS
NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.