Administrator Lite, posted November 29, 2007

A serious security flaw affecting every version of Microsoft Windows operating systems, including Vista, could enable cyber criminals to take control of an untold number of machines around the globe and manipulate personal information.

The bug, which was first reported by the Sydney Morning Herald, was demonstrated last week at the Kiwicon hacker conference in New Zealand by researcher Beau Butler. The vulnerability could ultimately compromise millions of home or office machines, particularly those located outside the U.S., subjecting them to attack by cyber criminals who could then acquire passwords, monitor Internet use, or steal personal, financial or identifying information.

"The real risk here is, someone else may automatically configure your proxy for you and redirect traffic through their malicious server," said Oliver Friedrichs, Symantec (NSDQ:SYMC) security response director. "A lot of that traffic is encrypted, but the attacker could intercept it and cause it to be unencrypted."

The flaw is located in a feature known as Web Proxy Autodiscovery (WPAD), which helps IT administrators automate the configuration of proxy settings in Internet Explorer and other browsers.

Standard U.S. domains, such as .com, .net, or .edu, are not susceptible to attack. However, vulnerable browsers will travel across a company's host domain searching for the WPAD data file used to set up the proxy feature. In certain configurations, the third-level domain is not a trusted part of the network.

If exploited by an attacker, the vulnerability could be used to intercept Web sessions and redirect traffic to another malicious proxy, where attackers could gain control of any personal information when the user browses the Internet.
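The lookup walk described in the post, modelled as an added example (not part of the original post or article) so an administrator can see which WPAD names a host would try and which of them fall outside the organisation's own domain. Assumptions: the client strips one label per step and stops at a two-label domain, the public-suffix set is a small constructed subset, and the hostnames are constructed.

```python
# Added example: models the WPAD lookup walk; not code from the article.
# Constructed subset of public suffixes; use the full Public Suffix List in practice.
PUBLIC_SUFFIXES = {"com", "net", "edu", "nz", "co.nz", "uk", "co.uk"}

def registrable_domain(fqdn, suffixes=PUBLIC_SUFFIXES):
    """Return the organisation's domain: longest public suffix plus one label."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                raise ValueError(f"{fqdn!r} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known public suffix in {fqdn!r}")

def wpad_candidates(fqdn, min_labels=2):
    """Names a devolving client would query, most specific first.

    Assumption: one label is stripped per step and the walk stops once
    the remaining domain has `min_labels` labels.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    return ["wpad." + ".".join(labels[i:])
            for i in range(1, len(labels) - min_labels + 1)]

def audit(fqdn):
    """Pair each candidate with True if it sits inside the organisation's domain."""
    org = registrable_domain(fqdn)
    return [(name, name.endswith("." + org)) for name in wpad_candidates(fqdn)]

def leaked_lookups(fqdn):
    """Candidates that fall outside the organisation's own domain."""
    return [name for name, inside in audit(fqdn) if not inside]

def flag_queries(query_names, org):
    """From observed DNS query names, keep wpad lookups outside `org`."""
    flagged = []
    for q in query_names:
        q = q.lower().rstrip(".")
        if q.startswith("wpad.") and not q.endswith("." + org):
            flagged.append(q)
    return flagged

if __name__ == "__main__":
    for host in ("pc1.sales.example.co.nz", "pc1.sales.example.com"):  # constructed
        for name, inside in audit(host):
            print(f"{host}: {name} -> {'internal' if inside else 'OUTSIDE ORG'}")
```

Any name returned by `leaked_lookups` is one the organisation does not control, and `flag_queries` can be run over resolver query logs to see whether clients are actually asking for it.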