Microsoft Security Update Fails
PandaLab’s IT security laboratory has issued an advisory to the users against Microsoft’s MS09-008 update released recently, which is designed to fix vulnerabilities in Windows DNS server and WINS server. According to the press statement, an unpatched flaw has been detected in the DNS server, specifically in WPAD (Web Proxy Autodiscovery Protocol ) registration.
"If an attacker manages to redirect targeted users to a malicious proxy they could obtain private information, redirect them to malicious pages in order to infect them with malware or monitor their Internet movements," said Luis Corrons, technical director at PandaLabs.
This vulnerability could be used to launch "man-in-the-middle" attacks on Windows DNS servers. Clients have to download WPAD entries from the DNS server, and these entries could be affected by the attack. An attacker, who could exploit this vulnerability, may successfully redirect users’ traffic through a malicious proxy.
However, the laboratory further advises the users who use these systems to be extra cautious and keep an eye on new Microsoft updates to patch this vulnerability as soon as possible.
- Poor Router Security Makes Indians Vulnerable To Cyber Attacks
- What's BitLocker’s Role In Encryption And Compliance?
- Why 4 out of 10 Security Alerts Go Attended Daily In India?
- Is There A Weak Link In Your Encryption Strategy?
- New Security Flaw Grips Most Modern Laptops: F-Secure Researchers
- Multi-Factor Authentication Can Mitigate Password Risks: Study
- Policybazaar Deploys Trend Micro’s Solutions To Boost Security
- Focus On Visibility To Prevent Cyber Threat, Says Skybox Exec
- Using Digital Transformation To Secure Your Bank Locker
- 96 pc of Firms Experienced At Least One Severe Exploit, Says Study