Microsoft has reported a flaw in the way Windows and Internet Explorer handle web proxy auto discover (WPAD) connections.
WPAD servers are used to deliver connecting computers with web proxy
Microsoft said that the problem occurs when the WPAD servers for third-level domains (such as .co.uk) and deeper cannot be found. The user is then redirected to a WPAD server for a higher domain.
This can eventually lead the user to access a WPAD server outside the intended domain, possibly to one that has been compromised by a hacker.
All current versions of Windows and Internet Explorer are affected by the flaw, which was discovered by researcher Beau Butler. Microsoft has not received any reports of attacks targeting the vulnerability in the wild.
Users can mitigate the problem by disabling 'automatically detect settings' in Internet Explorer. Microsoft noted that users whose ISP uses a connection specific DNS suffix are not affected.
Sites which use a top-level domain, such as .com or .gov, are not at risk neither are those with a trusted WPAD server.
Microsoft said that it is investigating the issue, but did not say when a patch would be released. The company's next scheduled security update is on 11 December.
New Vikendi map adds snow, snowmobiles and new aural and visual twists
Faults and bad weather ground SpaceX, Blue Origin, Arianespace and United Alliance
New regulation expected to cut greenhouse gas emissions by about 17 million metric tonnes between 2020 and 2050
Molybdenum ditelluride is a two-dimensional material that can be easily stacked into multiple layers to create a memory cell