News

ISA, Proxy Server Vulnerable to DoS Attack

Microsoft Internet Security & Acceleration Server and Proxy Server 2.0 are vulnerable to a denial-of-service attack due to a flaw in the way services in the two products handle a response from remote clients.

Microsoft rated the issue as "Important" on its vulnerability threat scale and encouraged administrators to patch systems "at the earliest available opportunity." A bulletin describing the vulnerability and providing a patch can be found at www.microsoft.com/technet/security/bulletin/MS03-012.asp.

The vulnerability is open to attackers on an internal networks who would send a specially crafted packet that would cause the server to stop responding to internal and external requests. CPU utilization reaches 100 percent, making the server unresponsive. Microsoft acknowledged that an Internet-based attack is possible but rare because the default settings prevent it.

ISA Server is affected when being used as a firewall because the vulnerability occurs in the Microsoft Firewall Service on that product. When used strictly as a caching server, ISA 2000 is not vulnerable.

In Proxy Server 2.0, it is the Winsock Proxy service that presents the flaw. Previous versions of Proxy Server are not supported and weren't tested.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.