CVE-2016-3213

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511 Internet Explorer versions 9 through 11

Description The Web Proxy Auto Discovery (WPAD) protocol implementation has an improper fallback mechanism, allowing remote attackers to gain privileges via NetBIOS name responses. This issue is related to insufficient access control in the WPAD protocol implementation in Windows and Internet Explorer, which can be exploited by a remote attacker to elevate their privileges. An elevation-of-privilege vulnerability exists when the WPAD protocol falls back to a vulnerable proxy discovery process, allowing an attacker to bypass security and gain elevated privileges on a targeted system.

Recommendations For Microsoft Windows versions Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, consider disabling the WPAD protocol as a temporary workaround until a patch is available. For Internet Explorer versions 9 through 11, restrict access to the NetBIOS name response mechanism to minimize the risk of exploitation. As a general mitigation measure, ensure that the WPAD protocol is properly configured and consider implementing additional security controls to prevent elevation-of-privilege attacks.