Alert: Microsoft Security Bulletin MS04-001 - Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 01/13/04

    Date:         Tue, 13 Jan 2004 15:24:49 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Microsoft Security Bulletin MS04-001:
    Vulnerability in Microsoft Internet Security and Acceleration Server
    2000 H.323 Filter Could Allow Remote Code Execution (816458)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS04-001.asp

    Summary:
     Version Number: V1.0
     Revision Date: 01-13-2004
     Impact of Vulnerability: Remote Code Execution
     Maximum Severity Rating: Critical
     Patch(es) Replaced: None
     Caveats: None
     CVE Number(s): CAN-2003-0819

    Tested Software:
     Affected Software:
     * Microsoft Internet Security and Acceleration Server 2000
    <http://www.ntbugtraq.com/link/CBE42990-4156-4E1D-9ACB-4CD449D9599B.asp>
     * Microsoft Small Business Server 2000 (which includes Microsoft
    Internet Security and Acceleration Server 2000)
    <http://www.ntbugtraq.com/link/CBE42990-4156-4E1D-9ACB-4CD449D9599B.asp>
     * Microsoft Small Business Server 2003 (which includes Microsoft
    Internet Security and Acceleration Server 2000)
    <http://www.ntbugtraq.com/link/CBE42990-4156-4E1D-9ACB-4CD449D9599B.asp>

     Software Not Affected:
     * Microsoft Proxy Server 2.0

    Technical Description:

    A security vulnerability exists in the H.323 filter for Microsoft
    Internet Security and Acceleration Server 2000 that could allow an
    attacker to overflow a buffer in the Microsoft Firewall Service in
    Microsoft Internet Security and Acceleration Server 2000. An attacker
    who successfully exploited this vulnerability could try to run code of
    their choice in the security context of the Microsoft Firewall Service.
    This would give the attacker complete control over the system. The H.323
    filter is enabled by default on servers running ISA Server 2000
    computers that are installed in integrated or firewall mode.

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.2)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Editor's Note: The 43rd Most Powerful Person in Networking says...

    Wondering how to unsubscribe from NTBugtraq? Just send a message to Listserv@listserv.ntbugtraq.com with unsubscribe ntbugtraq in the message body, you don't need a subject line. If it says you aren't subscribed, you've either subscribed with a different email address or your address has changed somehow. Just email Russ.Cooper@rc.on.ca and I'll remove you.
    -----

