Microsoft warns of Windows zero-day

By Bill Brenner, Senior News Writer 04 Dec 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft is warning customers about a zero-day flaw in the process of how Windows looks up other computers on the Internet.

The vulnerability is a variation of one patched in 1999, and attackers could exploit it to access sensitive data and redirect users to Web sites rigged with malware. It is not considered as big a threat as more recent zero-day flaws, however.

Tim Rains of the Microsoft Security Response Center communications team said in an email late Monday that the software giant is investigating new public reports of a vulnerability in how Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). He said the specific technology affected is Windows' Web Proxy Auto-Discovery (WPAD) program.

Danish vulnerability clearinghouse Secunia gave the flaw a "less critical" rating in its SA 27901 advisory, which it typically reserves for cross-site scripting and privilege escalation flaws, as well as those that allow exposure of sensitive data to local users.

The problem affects Microsoft Windows 2000 Advanced Server, Windows 2000 Datacenter Server; Windows 2000 Professional; Windows 2000 Server; Windows Server 2003 Datacenter Edition; Windows Server 2003 Enterprise Edition; Windows Server 2003 Standard Edition; Windows Server 2003 Web Edition; Windows Vista; Windows XP Home Edition; Windows XP Professional; Internet Explorer 6 and Internet Explorer 7.

This is mainly a problem for corporate users outside the U.S, though Microsoft warned that attackers could exploit it to silently redirect users to malware-laden Web sites. Though the flaw was patched years ago, researcher Beau Butler recently discovered it in more recent versions of Windows.

"Microsoft has not received any information to indicate customer impact at this time," Rains said. "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process."

Microsoft Security Advisory 945713 suggests users mitigate the threat by creating a WPAD.DAT proxy auto configuration file on a host-named WPAD to direct Web browsers to the organization's proxy; disabling the automatic detection settings in Internet Explorer; disabling DNS devolution; and configuring a domain suffix search list.

Tags: Emerging Information Security Threats,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary DNS rebinding attack  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) man in the browser  (SearchSecurity.com) phlashing  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary