Microsoft Security Update Fails To Patch DNS Vulnerability: PandaLabs

PandaLabs, Panda Security’s malware analysis and detection laboratory, has issued a warning to Microsoft users that one of the company’s latest security updates does not fix the vulnerability it was meant to patch. Update MS09-008, released on March 10 by Microsoft, was designed to fix four vulnerabilities in Windows DNS server and WINS server. However, an unpatched flaw has been detected in the DNS server, more specifically in WPAD (Web Proxy Autodiscovery Protocol) registration. WPAD is a service that allows automatic detection of proxy settings without user intervention.

This vulnerability could be used to launch ‘man-in-the-middle’ attacks on Windows DNS servers. Clients have to download WPAD entries from the DNS server, and those entries are ones that could be affected by the ‘man-in-the-middle’ attack. An attacker that exploited this vulnerability successfully could redirect users’ traffic through a malicious proxy. A proxy is a programme or device widely used in companies to connect all computers in a network to the Internet through a single computer.

“If an attacker manages to redirect targeted users to a malicious proxy they could obtain private information, redirect them to malicious pages in order to infect them with malware or monitor their Internet movements, etc,” explains Luis Corrons, technical director of PandaLabs.

PandaLabs advises users, who use these systems, to be extra cautious and keep an eye on new Microsoft updates to patch this vulnerability as soon as possible.