Disable WPAD or have Accounts Compromised

Discussion in 'Random Nonsense' started by cloasters, Aug 14, 2016.

  1. cloasters

    cloasters Moderator

    Don't know if this is only an MS problem--maybe not. Firefox is vulnerable too. Seems that if you still need to use PAC files and enable WPAD--man-in-the-middle attacks are too easily accomplished. From the latest DefCon. Please see:
    https://slashdot.org . Near the bottom of today's (Aug 13) front page.
  2. Gizmo

    Gizmo Chief Site Administrator Staff Member

    It's a vulnerability in the protocol, but WPAD is only enabled by default on Windows boxen, meaning that users of other OSen are safe to the extent that they don't have it enabled by default, and therefore aren't vulnerable 'out of the box'. However, if they have enabled the protocol for some reason (it's primarily used in an enterprise environment, so network policy might have it turned on), then they have a problem.

    This is not really something new; the issue has actually been known for a while. Here's an exploit from 2013 that uses essentially the same hole. Here's a paper discussing ways to compromise WPAD from 2009. Up to now it's been considered mostly a low security thing because it was typically only really exploitable on a corporate network, and if it could be exploited there, your network had other problems, or so the thinking went.

    The protocol itself is a nice idea (configuration of a web proxy from a central source) as it makes the lives of System Administrators easier, but its implementation leaves far too many possible attack vectors open.
    booman likes this.
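
A read-only way to see whether a Windows machine has the settings discussed above turned on, given as an added example that is not part of any post in this thread. The registry values and service name are Windows' own; the flag-byte layout of `DefaultConnectionSettings` is the commonly observed one rather than a documented format, so treat that check as an assumption.

```powershell
# Added example: read-only audit of WPAD-related settings on a Windows host.
# Nothing is modified; each check only records a finding for review.
$inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$winhttp  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
$findings = [System.Collections.Generic.List[string]]::new()

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns nothing (instead of throwing) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return ,$item.$Name }
}

# 1. Per-user "Automatically detect settings" checkbox.
#    Assumption: byte 8 of the blob is a flag byte (0x08 = auto-detect, 0x04 = PAC URL).
$blob = Get-RegValue "$inet\Connections" 'DefaultConnectionSettings'
if ($blob -and $blob.Length -gt 8) {
    if ($blob[8] -band 0x08) { $findings.Add('Auto-detect (WPAD) is enabled for the current user.') }
    if ($blob[8] -band 0x04) { $findings.Add('A PAC script is enabled for the current user.') }
}

# 2. Explicit PAC file location, if one is configured.
$pac = Get-RegValue $inet 'AutoConfigURL'
if ($pac) {
    $note = if ($pac -match '^https://') { 'fetched over HTTPS' } else { 'NOT fetched over HTTPS' }
    $findings.Add("PAC URL configured ($note): $pac")
}

# 3. Machine-wide WinHTTP switch: DisableWpad = 1 turns WPAD off for WinHTTP clients.
$disableWpad = Get-RegValue $winhttp 'DisableWpad'
if ($disableWpad -ne 1) {
    $findings.Add('WinHTTP WPAD is not disabled machine-wide (DisableWpad is not 1).')
}

# 4. The WinHTTP Web Proxy Auto-Discovery service.
$svc = Get-Service -Name 'WinHttpAutoProxySvc' -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -eq 'Running') {
    $findings.Add("Service WinHttpAutoProxySvc is running (start type: $($svc.StartType)).")
}

if ($findings.Count -eq 0) {
    'No WPAD-related settings were found enabled by these checks.'
} else {
    $findings
}
```

The per-user checks only cover the account running the script, and a domain Group Policy can re-apply proxy settings after a local change.
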
  3. cloasters

    cloasters Moderator

    Thank you very much for your explanation, Gizmo! As nearly always you know much more about the subject than I do.