Microsoft Windows DNS Server WPAD Access Validation Vulnerability

Microsoft Windows DNS Server WPAD Access Validation Vulnerability

The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid in man-in-the-middle and spoofing attacks. Other attacks are also possible.