(whitepaper) Microsoft WPAD Technology Weaknesses [PTResearch Team]

[srublev () ptsecurity ru]

WPAD (Web Proxy Auto Discovery) is a method used by web clients to automatically
locate a browser configuration file used to connect through proxy.

Successful attack on WPAD guarantees attackers full access
on user data sent to Internet which could allow stealing critical data like passwords or
credit card numbers. WPAD potential danger depends on two factors: default
configuration and weak awareness among users.

In this article we discuss WPAD architecture and its many functioning principles in home
and corporate networks, real examples of attacks and give recommendations for ordinary
users and system administrators that allow reducing attack consequences.

Whitepaper:

http://www.securitylab.ru/_download/articles/wpad_weakness_en.pdf

Simple Freeware Network Checker to detect potentially dangerous entries in DNS and WINS name servers:

http://www.securitylab.ru/news/extra/380522.php
Direct url:
http://www.ptsecurity.ru/download/wpadcheck_en.zip


Notes:
* The utility does not recognize DNS and WINS services so do not scan hosts without this services – it is useless;
* .NET Framework. Is required for the utility.

---
I hope this is helpful.

Sergey

---------------------------
About Positive Technologies

Positive Technologies www.ptsecurity.com is among the key players in the IT security market in Russia.
The principal activities of the company include the development of integrated tools for information security monitoring 
(MaxPatrol); providing IT security consulting services and technical support; the development of the Securitylab 
en.securitylab.ru leading Russian information security portal.

PTResearch Lab:
http://en.securitylab.ru/lab/