Microsoft Web Proxy Auto Discovery - è soggetto ad una vulnerabilità che può consentire ad un eventuale attaccker di ottenere informazioni sensibili che possono portare a ulteriori attacchi.
La vulnerabilità stà nel modo in cui Windows risolvi i nomi degli Host che non includono un nome di dominio non completamente qualificato tipo
nomedominio.co.us
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Vista
Windows Vista x64 Edition
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 for Windows XP Service Pack 2
Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 for Windows XP Service Pack 2
Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 for Windows Vista
Internet Explorer 7 for Windows Vista x64 Edition
Fonte: SecurityFocus
Link alla notizia in lingua inglese:
http://www.securityfocus.com/bid/26686/info
Approfondimento :
http://www.microsoft.com/technet/sec...ry/945713.mspx