Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD


 
Thread Tools Search this Thread
Special Forums Windows & DOS: Issues & Discussions Security Advisories (RSS) - Microsoft Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD
# 1  
Old 12-30-2008
Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD

Revision Note: Advisory Updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as â??contoso.co.usâ??, or for whom the following mitigating factors do not apply, are at risk from this vulnerability.

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
secweb(1M)																secweb(1M)

NAME
secweb - invokes the HP-UX Auditing and Security Attributes Configuration tool SYNOPSIS
[ ] [ ] DESCRIPTION
The HP-UX Auditing and Security Attributes Configuration tool ( ) is used to configure suditing sub-system and, view and configure system- wide and per-user (Local users and NIS users) values of security attributes. It also gives information about account locks. The HP-UX Auditing and Security Attributes Configuration tool provides both Web-based and terminal user interface (for Security Attributes Configuration only). The Web-based interface is launched through the HP System Management Homepage. Superuser privileges are required to access the HP-UX Auditing and Security Attributes Configuration tool. A user who does not have supe- ruser privileges has read-only access to the System Defaults area in the HP-UX Auditing and Security Attributes Configuration tool and can- not modify or reset per-user values. The terminal user interface is invoked if any of the following conditions are true: o The command is invoked with option. o The environment variable is not set. The Web-based interface is launched if all the following conditions are true: o The command is invoked with option. o The environment variable is set. o The command is available on the system. If the Web-based interface cannot be launched, invokes the terminal user interface. Options recognizes the following options: Forces a client browser to be used in less secure ways. The option forces the client browser to be used or started, even when the X-traffic between the X-server and the Mozilla browser is not secure. Use this option only when you are sure the network traffic between the host where Mozilla is running and the host in the DISPLAY variable is secure. If cannot start the Web browser, the terminal interface is started. When the HP-UX Auditing and Security Attributes Configuration Web interface is invoked by SAM, the option is used. If a privileged user (root) executes the command with the option, a temporary login bypass key is generated. The bypass key enables the user to access the Web interface without having to provide login information again. When the HP-UX Auditing and Security Attributes Configuration Web interface is invoked by SAM, the option is used. Opens the terminal interface for setting system-wide and per-user values of security attributes regardless of the current setting of the environment variable. You can also start the HP-UX Auditing and Security Attributes Configuration tool using one of the following methods: o Invoke and select the Auditing and Security Attributes Configuration (character mode) functional area to launch the terminal user interface and the Auditing and Security Attributes Configuration (Web-based Interface) to launch the Web-based tool o Invoke the HP-UX Auditing and Security Attributes Configuration tool Web interface by typing the URL in the address bar of your browser, where hostname is the name of the server o Launch the HP-UX Systems Insight Manager on the server and select the Auditing and Security Attributes Configuration tool from Configure -> HP-UX Configuration menu Online Help After the HP-UX Auditing and Security Attributes Configuration tool is started, the online help provides details on how to use the tool. RETURN VALUES
Upon completion, secweb returns one of the following values: o 0 Successful o 1 An error occurred WARNINGS
o For increased security, paste the URL in your browser, click on the Tools menu in the menu bar, then the Auditing and Security Attributes Configuration functional area. o The default minimum values of the security attributes , , , and does not meet the requirements for passwd(1M) command. A password must contain at least two letters and at least one numeric or special character. It is recommended to change the default values in for the above mentioned security attributes as per passwd(1M) requirements. For more information on password construction requirements, refer passwd(1M). AUTHOR
was developed by Hewlett-Packard Company. SEE ALSO
sam(1M), security(4), userdb(4) secweb(1M)