Microsoft Confirms DoS Vulnerability in ISA Server 2000 -- Microsoft Certified Professional Magazine Online

Microsoft Confirms DoS Vulnerability in ISA Server 2000

By Scott Bekker
04/18/2001

Microsoft Corp. this week acknowledged a security vulnerability in its first security product for the enterprise, Internet Security and Acceleration (ISA) Server 2000.

A flaw in the Web proxy service with ISA Server 2000 makes it vulnerable to internal, and in some cases external, Denial of Service (DoS) attacks.

Microsoft issued a patch for the vulnerability earlier this week. The problem was reported by a security team at FSC Internet Corp.

It is unlikely that it affects many users since ISA has only been generally available since mid-February. ISA serves as a combination Web Proxy server, replacing Proxy Server 2.0, and an enterprise firewall.

The flaw occurs because ISA's Web Proxy service handles Web requests improperly if they exceed a particular length. Processing the request causes an access violation and causes the Web Proxy service to fail.

A server struck by a DoS attack exploiting the vulnerability would not need to be rebooted, and all ISA services other than Web Proxy would continue working normally. Only the Web Proxy service would need to be restarted.

Any internal user could initiate the DoS attack unless the patch is installed. External Internet users could only exploit the vulnerability if the Web Publishing service, which is disabled by default, is turned on.

According to Microsoft, the vulnerability will not allow malicious users to escalate their privileges or bypass the firewall. –

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Register! Top 5 Hybrid AD Management Mistakes and How to Avoid Them