WPAD Exploits
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Affected platforms
The following platforms are known to be affected:
Threat details
It links together several vulnerabilities and can affect a fully patched Windows 10 system. It focuses on attacking the engine that interprets the JavaScript PAC files used by the WPAD service. Seven vulnerabilities that allowed malicious code execution were found and are as follows: PAC files specifically contain JavaScript instructions that tell a browser what proxy to use in order to get to a certain website. If an attacker were to successfully inject their own malicious PAC file, they would be able to monitor the victim’s traffic whenever a browser request is made. The vulnerabilities allow an attacker to execute untrusted JavaScript files on a system. This in turn, allows an attacker to gain remote command execution.
It links together several vulnerabilities and can affect a fully patched Windows 10 system. It focuses on attacking the engine that interprets the JavaScript PAC files used by the WPAD service. Seven vulnerabilities that allowed malicious code execution were found and are as follows:
A PAC file is a configuration file. In order to determine the correct proxy configuration, the browser connects to a pre-configured server in order to download the PAC file and executes Javascript functions. The WPAD protocol however, makes a pre-configured server unnecessary and allows a system to determine the server the PAC file is downloaded from. It should be noted that other programs outside of Internet Explorer use WPAD, but in most cases, support for WPAD isn’t enabled by default.
Remediation steps
CVE Vulnerabilities
Last edited: 17 February 2020 11:41 am