Endpoint Vulnerability

Microsoft: WPAD Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker could respond to NetBIOS name requests for WPAD. The update addresses the vulnerability by correcting how Windows handles proxy discovery.

Affected Products

Windows RT 8.1,Windows Vista x64 Edition Service Pack 2,Internet Explorer 9,Windows Server 2012,Internet Explorer 11,Windows 8,Windows Server 2008,Windows 10,Windows 7,Windows Vista Service Pack 2

References

CVE-2016-3213,