Microsoft releases serious patch
Doesn't smile as it does it
SOFTWARE giant Microsoft has released a patch for a serious security vulnerability that allows attackers to seize control of millions of computers.
The bug was found by ethical hacker and software engineer Beau Butler last month.
Apparently, the hole was so big that Vole worked solidly for two weeks to find a fix for it.
The problem is in the way IE automatically configures proxy settings and leads to PCs downloading configuration information from the internet instead of their ISP.
All a hacker has to do is register a special domain name and feed bogus configuration information to affected PCs. It is then possible to hijack their connections to the internet and take control.
When Butler tried it he found that he could have taken over about 160,000 PCs in New Zealand. Goodness knows how many more he could have done worldwide.
Butler told AP that the glitch is also present in the open source Firefox browser.
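The lookup behaviour behind this bug, as an added example that is not part of the original article: the sketch lists the `wpad` hostnames a machine would request if its browser walks up its own DNS name one label at a time (the lookup order assumed here), and flags requests in a resolver log that leave the organisation's own domain. The host names, addresses and log format are constructed for illustration.

```python
# Added example. Assumption: the browser looks for "wpad.<suffix>" and strips
# one leading label from the suffix on each retry (DNS devolution).

def wpad_candidates(host_fqdn):
    """Names the client may try, most specific first."""
    labels = host_fqdn.lower().rstrip(".").split(".")
    # Drop the host label, then shorten the suffix one label at a time.
    return ["wpad." + ".".join(labels[i:]) for i in range(1, len(labels))]

def is_inside(name, org_domain):
    """True if name is the organisation's domain or a subdomain of it."""
    name = name.lower().rstrip(".")
    org = org_domain.lower().rstrip(".")
    return name == org or name.endswith("." + org)

def escaping_names(host_fqdn, org_domain):
    """Candidates that would be answered by someone outside the organisation."""
    return [n for n in wpad_candidates(host_fqdn) if not is_inside(n, org_domain)]

def flag_queries(log_lines, org_domain):
    """Return (client, qname) for WPAD lookups that left the organisation."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:          # skip lines that do not match the format
            continue
        _timestamp, client, qname = parts
        qname = qname.lower().rstrip(".")
        if qname.split(".")[0] == "wpad" and not is_inside(qname, org_domain):
            hits.append((client, qname))
    return hits

# Constructed resolver log: "<timestamp> <client-ip> <queried-name>"
SAMPLE_LOG = [
    "t1 192.0.2.15 wpad.sales.example.test",
    "t2 192.0.2.15 wpad.example.test",
    "t3 192.0.2.15 wpad.test",
    "t4 192.0.2.22 www.example.test",
]

if __name__ == "__main__":
    print(wpad_candidates("pc1.sales.example.test"))
    print(escaping_names("pc1.sales.example.test", "example.test"))
    print(flag_queries(SAMPLE_LOG, "example.test"))
```

Any name `escaping_names` returns is one the organisation does not control, so a query for it in the log means a client asked an outside party for its proxy settings.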
Comments
Firefox patched under Ubuntu yesterday
I run Ubuntu on my laptop at home (XP on my gaming desktop), and I had a patch for the proxy exploit yesterday when I got home. Good to see companies moving quickly to squash bugs. :)
Cheers,
John
But this is so so old, so how did he get the credit...
It's been an issue Microsoft have ignored for years, and still not actually fixed. Much as I dislike Wikipedia, this article sums up most of it
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
Having a rogue DHCP server to man-in-the-middle attack is still not even accepted by Microsoft security as an attack vector
rogue dhcp
How would you protect against a rogue DHCP server?