Microsoft has reported a flaw in the way Windows and Internet Explorer handle web proxy auto discover (WPAD) connections.
WPAD servers are used to deliver connecting computers with web proxy
Microsoft said that the problem occurs when the WPAD servers for third-level domains (such as .co.uk) and deeper cannot be found. The user is then redirected to a WPAD server for a higher domain.
This can eventually lead the user to access a WPAD server outside the intended domain, possibly to one that has been compromised by a hacker.
All current versions of Windows and Internet Explorer are affected by the flaw, which was discovered by researcher Beau Butler. Microsoft has not received any reports of attacks targeting the vulnerability in the wild.
Users can mitigate the problem by disabling 'automatically detect settings' in Internet Explorer. Microsoft noted that users whose ISP uses a connection specific DNS suffix are not affected.
Sites which use a top-level domain, such as .com or .gov, are not at risk neither are those with a trusted WPAD server.
Microsoft said that it is investigating the issue, but did not say when a patch would be released. The company's next scheduled security update is on 11 December.
Nanocrystals embedded in glass or a polymer could be the next step for nano-crystal storage method
Space Telescope to be used as part of the organisation's Transiting Exoplanet Survey Satellite
Second quarter PC sales up by 2.7 per cent, suggests IDC
Apple updates MacBook Pro with Coffee Lake CPUs, 32GB memory and up to 4TB storage - at a price, of course
A maxxed out MacBook Pro will cost a mere £6,209