Microsoft confirms vulnerability

A Windows vulnerability, that had previously been patched, has re-emerged. Microsoft said that the flaw could expose some customers to online attacks. The flaw primarily affects non-US corporate users and could be exploited by attackers to redirect a victim to a malicious website. Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows. In an official security advisory, Microsoft has now confirmed the vulnerability in the Web Proxy Auto-Discovery (WPAD) reported recently at Kiwicon. The function can be induced to search for WPAD servers outside the defined domain in order to load a proxy configuration for Internet Explorer. For instance, an attacker might place his own WPAD server on the Internet and inject specially crafted proxy settings into user systems to redirect their Web connections onto his own proxy so he can sniff data.

Read the article HERE.