Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability

Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability

The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD or ISATAP WINS entry. This may aid in man-in-the-middle and spoofing attacks. Other attacks are also possible.