WPAD Beware – MS09-008: Description of the security update for DNS server: March 10 2009

You might be aware that with the Windows Server 2008 DNS Server, that are there certain names that are blocked by default. These names are ISATAP and WPAD. Users of Windows Server 2003 DNS serversimage didn’t have to worry about this issue because there was no name blocking feature for these servers.

However, if you installed MS09-008, things have changed. However, you might not have noticed it. If you already have a WPAD entry in your Windows Server 2003 DNS server, it will not be blocked. But if you stand up a new Windows Server 2003 DNS Server, get it fully up to date, and then configure a WPAD entry, you might be surprised to find that your clients’ DNS query requests for WPAD will fail.

You can read more about MS09-008 at http://support.microsoft.com/kb/961063/

To fix the problem with WPAD name resolution, check out http://support.microsoft.com/kb/968732/en-us

An interesting response in the Q&A for this article:

  • I have a WPAD server deployed in my network. Will I be affected?
    Answer: No. If you have WPAD deployed in a network, and you already have the name WPAD registered in DNS, then it will not be blocked. However, if you have WPAD in the network and it uses DHCP to distribute the wpad.dat file with nothing in DNS, then the DNS query for WPAD will be blocked.
  • Can I use DNSCMD.exe to configure the block list?

    I guess what they’re trying to say here is that if you won’t have a DNS record for WPAD, then the DNS server will not answer queries for wpad 🙂

    HTH,

    Tom

    Thomas W Shinder, M.D., MCSE
    Sr. Consultant / Technical Writer

    image
    Prowess Consulting www.prowessconsulting.com

    PROWESS CONSULTING | Microsoft Forefront Security Specialist
    Email: [email protected]
    MVP — Forefront Edge Security (ISA/TMG/IAG)

  • Leave a Comment

    Your email address will not be published.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    Scroll to Top