News

Microsoft Fixes IE 5 Bug

Microsoft has released a version upgrade that eliminates a vulnerability in Internet Explorer 5. Under certain conditions, the vulnerability could allow a malicious user to porvide proxy settings to Web clients in another network.

The Internet Explorer 5 Web Proxy Auto-Discovery (WPAD) feature enables Web clients to automatically detect proxy settings without user intervention. The algorithm used by WPAD adds the hostname "wpad" as a prefix to the fully-qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the hostname or reaches the third-level domain. For instance, Web clients in the domain a.b.domain.com would query wpad.a.b.domain, wpad.b.domain.com, then wpad.domain.com. The vulnerability arises because in international usage, the third-level domain may not be trusted. A malicious user could set up a WPAD server and serve proxy configuration commands of his choice.

Microsoft Internet Explorer 5 is known to be affected by this vulnerability. The vulnerability is eliminated by Internet Explorer 5.01, which is available at http://www.microsoft.com/msdownload/iebuild/ie501_win32/en/ie501_win32.htm.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.