Microsoft Tuesday was still examining the details of a vulnerability discovered by a hacker that appears to exploit an eight-year-old flaw in Windows. So far, the company has not announced plans for a patch. In addition, the company would not confirm that the issue is based on a vulnerability first discovered in 1999 in the Web Proxy Autodiscovery Protocol (WPAD) in Windows. Nor would the company commit to the fact that any fix is under development.

Mark Miller, director of security response for Microsoft, said in a statement, “I can tell you that Microsoft is investigating and treating this issue the way it does any other vulnerability report. As part of our standard MSRC [Microsoft Security Response Center] investigation process, we have been working with the researcher and journalist to respond to reports and have engaged resources in our security response and product groups.”

Miller went on to say, “Once the investigation is complete, if needed, we will take appropriate action to help protect customers. If this is a security issue, this may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”

Full Article

Windows, Web Proxy, Vulnerability, Exploit, Microsoft