A recent set of vulnerabilities (known as aPAColypse) related to Web Proxy Auto Discovery Protocol (WPAD) and Proxy Auto-Config (PAC) have been discovered.
Several vulnerabilities are used in conjunction and can affect a fully patched Windows 10 system.
Affected Platforms : Microsoft Internet Explorer – All Versions
Disable the WPAD service in Internet Explorer or use an alternative browser.
Disable the “WinHttpAutoProxySvc” service. This is not recommended unless an alternative is in place. Sometimes this can’t be done in the Services UI (“Startup type” control will be grayed out) due to other services depending on WPAD, but it can be done via the corresponding registry entry. Under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc” change the value of “Start” from 3 (manual) to 4 (disabled).
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.