Eight-year-old Windows flaw resurfaces

By Justin Mann on
Microsoft issued an alert this week regarding a Windows security risk that could redirect someone to an arbitrary website. Interestingly, the flaw is not new. In fact, it was originally patched eight years ago, but has now supposedly been “rediscovered”. Considering the massive facelift that Windows has seen since then, most notably with desktops switching from the older 9x architecture to the NT architecture, this is fairly plausible.

The flaw stems from how Windows resolves hostnames, and exploiting it would require someone on the outside to have registered a name that is likely to be given out as a DNS suffix. It could potentially be a problem with smaller ISPs, but there are no “reported” attacks using this particular flaw. In a worst-case scenario, a fake WPAD server could issue bad DNS results to a machine, letting an attacker redirect people to fake sites. The article claims that as many as 160,000 machines could be affected in New Zealand, to say nothing of those worldwide, but it is still unlikely that the problem is widespread.

Likely the issue will be fixed in the next patch cycle. Maybe.
