MS04-039: ISA Server 2000 and Proxy Server 2.0

By Steven
in Back Page News

 Share

Recommended Posts

Grand Master

Steven

Posted
Posted (edited)

Microsoft Security Bulletin MS04-039

Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)

Issued: November 9, 2004

Updated: November 16, 2004

Version: 3.0

Summary

Who should read this document: Customers who use Microsoft Proxy Server 2.0 or Microsoft Internet Security and Acceleration (ISA) Server 2000

Impact of Vulnerability: Spoofing

Maximum Severity Rating: Important

Recommendation: Customers should install the update at the earliest opportunity.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

?Microsoft Proxy Server 2.0 Service Pack 1? Download the update

?Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2 ? Download the update

Note The following software programs include Microsoft Internet Security and Acceleration Server 2000 (ISA Server 2000). Customers using these software programs should install the provided ISA Server 2000 security update.

?Microsoft Small Business Server 2000

?Microsoft Small Business Server 2003 Premium Edition

Non-Affected Software:

?Microsoft Internet Security and Acceleration (ISA) Server 2004

The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. This vulnerability could enable an attacker to spoof trusted InterWe recommend that customers install the update at the earliest opportunity. ortunity.

Revisions:

? V1.0 (November 9, 2004): Bulletin published

? V2.0 (November 9, 2004): Bulletin updated to reflect the release of an updated ISA Server 2000 security update for the German language only. This issue does not affect any other language version of this security update. The Security Update Replacement section has also been revised.

? V3.0 (November 16, 2004): Bulletin updated to reflect the release of updated ISA Server 2000 security updates for all languages. These issues affected customers using ISA Server 2000 Service Pack 1 or using Windows 2000 Service Pack 3. The Security Update Replacement section has also been revised.

http://www.microsoft.com/technet/security/...n/MS04-039.mspx

Edited by Steven
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.