News

Microsoft Confirms DoS Vulnerability in ISA Server 2000

Microsoft Corp. this week acknowledged a security vulnerability in its first security product for the enterprise, Internet Security and Acceleration (ISA) Server 2000.

A flaw in the Web proxy service with ISA Server 2000 makes it vulnerable to internal, and in some cases external, Denial of Service (DoS) attacks.

Microsoft issued a patch for the vulnerability earlier this week. The problem was reported by a security team at FSC Internet Corp.

It is unlikely that it affects many users since ISA has only been generally available since mid-February. ISA serves as a combination Web Proxy server, replacing Proxy Server 2.0, and an enterprise firewall.

The flaw occurs because ISA's Web Proxy service handles Web requests improperly if they exceed a particular length. Processing the request causes an access violation and causes the Web Proxy service to fail.

A server struck by a DoS attack exploiting the vulnerability would not need to be rebooted, and all ISA services other than Web Proxy would continue working normally. Only the Web Proxy service would need to be restarted.

Any internal user could initiate the DoS attack unless the patch is installed. External Internet users could only exploit the vulnerability if the Web Publishing service, which is disabled by default, is turned on.

According to Microsoft, the vulnerability will not allow malicious users to escalate their privileges or bypass the firewall.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Azure Backup for SQL Server Now Commercially Available

    Microsoft on Monday announced that Azure Backup for SQL Server had reached "general availability" status, meaning it's deemed ready for production-environment use.

  • Insights for MyAnalytics Getting Switched On for Office 365 Users This Month

    Microsoft is planning to activate "Insights for MyAnalytics" sometime late this month for most Office 365 users, but the ability of organizations to manage this feature won't be available until possibly mid-May.

  • SharePoint Framework 1.8 Now Generally Available

    Microsoft this week announced that SharePoint Framework 1.8 had reached "general availability" status, although some features are still at the preview stage.

  • How To Create Office 365 User Accounts in Bulk

    Manual account creation can be tedious, time-consuming and prone to human error, especially if you have more than a handful of Office 365 users to set up. Brien shows you a better way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.