Microsoft confirms "Old Windows DNS Flaw is back"

Microsoft Corp. said that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks. The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect a victim to a malicious […]

Microsoft Corp. said that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced and could expose some customers to online attacks.

The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect a victim to a malicious Web site.

Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and was then publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.

The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.

Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.

Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.

More info....

Windows, Operating System, Windows OS, DNS, Vulnerability, Exploit, Microsoft