PT-2009-2793 · Microsoft · Windows Server 2003+1

Published: 2009-03-11 · Updated: 2019-02-26 · CVE-2009-0094

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Windows 2000 SP4
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2

Description

The issue concerns the WINS server in Microsoft Windows, which does not properly restrict the registration of specific NetBIOS names, wpad and isatap. This allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features. As a result, attackers can conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route. This is achieved by registering one of these names in the WINS database.

Recommendations

For Microsoft Windows 2000 SP4, apply the necessary patch to restrict the registration of wpad and isatap NetBIOS names.
For Microsoft Windows Server 2003 SP1, apply the necessary patch to restrict the registration of wpad and isatap NetBIOS names.
For Microsoft Windows Server 2003 SP2, apply the necessary patch to restrict the registration of wpad and isatap NetBIOS names.

Fix


Related Identifiers

CVE-2009-0094

Affected Products

Windows 2000
Windows Server 2003