CVE-2009-0093

Name of the Vulnerable Software and Affected Versions Windows DNS Server versions in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008

Description The issue allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, enabling them to conduct man-in-the-middle attacks by spoofing a proxy server. This is achieved via a Dynamic Update request for the wpad hostname when dynamic updates are enabled.

Recommendations For Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, restrict registration of the wpad hostname to prevent hijacking of the Web Proxy Auto-Discovery (WPAD) feature. As a temporary workaround, consider disabling dynamic updates until a patch is available.