Published by Windows IT Pro Network
=============================
Security Alert, June 16, 2005
Two Problems in ISA Server 2000
Steve Orrin of Watchfire and Han Valk reported two problems in Microsoft ISA Server 2000 Service Pack 2 (SP2). ISA Server doesn't properly process malformed HTTP requests, which could let an intruder poison the cache, bypass content restrictions, access unauthorized content, or redirect other ISA Server users to various content.
Also, the process used by ISA Server to validate NetBIOS contains a vulnerability that could allow an intruder to gain access with elevated privileges and to connect to services using the NetBIOS protocol.
Microsoft released a security bulletin, Cumulative Security Update for ISA Server 2000 (899753), and an associated patch to correct these problems.
Thank you for subscribing to Security UPDATE. Please tell your friends about this newsletter and alert list!
This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All Rights Reserved.
