Loading...

Knowledge Center


How to block Web Proxy Auto Discovery Protocol vulnerabilities in Microsoft Windows
Technical Articles ID:   KB90075
Last Modified:  12/21/2017

Environment

McAfee Endpoint Security Firewall (ENS Firewall) 10.x
McAfee Host Intrusion Prevention (Host IPS) 8.0

Microsoft Windows

Problem

Microsoft Security Bulletin MS16-077 provides details about the vulnerabilities in Microsoft Windows using the Web Proxy Auto Discovery Protocol (WPAD). The most severe of the vulnerabilities could allow elevation of privilege, if the WPAD protocol falls back to a vulnerable proxy discovery process on a target system.

Solution

Technical Support recommends that you install the Microsoft Security Update to resolve this vulnerability.

Please review the Microsoft Security Bulletin and download the Security Update at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077.

Workaround

If you are unable to install the Microsoft Security Update, you can disable WPAD using either of the following methods.

Method 1: Disable WPAD by disabling WINS/NetBT name resolution:
  1. Open Network Connections.
  2. Click the Local Area Connection to be statically configured, and then from the File menu, click Properties.
  3. In the list of components, click Internet Protocol (TCP/IP), and then click Properties.
  4. Click Advanced, click the WINS tab, and then click Disable NetBIOS over TCP/IP. Optionally, you can select the Use NetBIOS setting on the DHCP server if you are using a DHCP server that can selectively enable and disable NetBIOS configuration through DHCP option types.
  5. Reboot the system for the change to take effect.

Method 2: Stop WPAD using a host file entry:
  1. Open the host file located at following location as an administrator: %systemdrive%\Windows\System32\Drivers\etc\hosts
  2. Create the following entry for WPAD in the host file: 255.255.255.255 wpad.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Languages:

This article is available in the following languages:

English United States
Spanish Spain
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.