Microsoft Update MS09-008 Fails To Protect Against Windows DNS Attacks

Windows Security : Microsoft Update MS09-008 Fails To Protect Against Windows DNS Attacks

Posted by Max on 2009/3/16 9:10:00 (1059 reads)

Update MS09-008 was meant to patch windows DNS and WINS servers. The patch does not effectively protect against a vulnerability in DNS servers that could be exploited by cyber-crooks to redirect users to a malicious proxy. Cyber-crooks could monitor users' internet movements, access their confidential data and even redirect them to malicious web pages.

PandaLabs, Panda Security's malware analysis and detection laboratory, today issued a warning to Microsoft users that one of the company's latest security updates does not fix the vulnerability it was meant to patch. Update MS09-008, released yesterday by Microsoft, was designed to fix four vulnerabilities in Windows DNS server and WINS server. However, an unpatched flaw has been detected in the DNS server, more specifically in WPAD (Web Proxy Autodiscovery Protocol) registration. WPAD is a service that allows automatic detection of proxy settings without user intervention.

This vulnerability could be used to launch "man-in-the-middle" attacks on Windows DNS servers. Clients have to download WPAD entries from the DNS server, and those entries are ones that could be affected by the "man-in-the-middle" attack. An attacker that exploited this vulnerability successfully could redirect users' traffic through a malicious proxy. A proxy is a program or device widely used in companies to connect all computers in a network to the Internet through a single computer.

"If an attacker manages to redirect targeted users to a malicious proxy they could obtain private information, redirect them to malicious pages in order to infect them with malware or monitor their Internet movements, etc.," explains Luis Corrons, Technical Director of PandaLabs.

PandaLabs advises users who use these systems to be extra cautious and keep an eye on new Microsoft updates to patch this vulnerability as soon as possible.

About PandaLabs
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

More information is available in the PandaLabs blog: http://www.pandalabs.com

Previous article - Next article

Other articles
2010/2/3 7:32:43 - PC Login Now (Full version) Available Now For Free.
2010/2/3 7:11:57 - Mitto Named One of 20 Top Web Applications
2010/1/19 15:53:17 - OpenVAS, the New Open Source Vulnerability Scanner
2010/1/7 5:40:00 - Beware of Rogue Antispyware Named Eco AntiVirus. It's a FAKE
2010/1/7 5:30:00 - Blue Coat's K9 FREE Web Filtering Product Expands to Windows 7
2010/1/6 5:40:00 - NEW Ares P2P Windows 7 Release. Official Release of The Popular P2P Program, Ares.
2010/1/6 5:20:56 - Top 10 Malware Threats for December Presented By Sunbelt Software
2010/1/6 4:53:11 - New Service Shows WHO Installed Spyware on Your PC
2010/1/6 4:45:28 - Overweight Adults Respond More To Weight Loss Spam E-mails
2009/12/30 12:34:17 - Novosoft Provides 20% Discounts and Holidays Gifts on Handy Backup. FREE LICENSES INSIDE !

The comments are owned by the poster. We aren't responsible for their content.