Reported April 9, 2003, by
Microsoft.
VERSIONS AFFECTED
·
Microsoft ISA Server 2000
·
Microsoft Proxy Server 2.0
DESCRIPTION
A
vulnerability in Microsoft’s ISA Server 2000 and Proxy Server 2.0 can result
in a Denial of Service (DoS) condition on the vulnerable server. This
vulnerability is a result of flaw in the Winsock Proxy service. The
vulnerability lets malicious users on the internal network send specially
crafted packets to cause the server to stop responding to internal and external
requests. Receipt of such a packet causes CPU utilization on the server to reach
100 percent.
VENDOR RESPONSE
Microsoft
has released Security Bulletin MS03-012,
"Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of
Service (331066)," to address this vulnerability and recommends that
affected users immediately apply the patch mentioned in the bulletin.
CREDIT
Discovered by Microsoft.