MajorRev: v3.0 Microsoft Security Bulletin MS04-039 - Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)

From: Russ Cooper (Russ.Cooper_at_TRUSECURE.CA)
Date: 11/16/04

    Date:         Tue, 16 Nov 2004 13:30:07 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Microsoft Security Bulletin MS04-039:
    Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)

    Bulletin URL:
    <http://www.microsoft.com/technet/security/bulletin/MS04-039.mspx>

    Reason for Revision: Bulletin updated to reflect the release of updated ISA Server 2000 security updates for all languages. These issues affected customers using ISA Server 2000 Service Pack 1 or using Windows 2000 Service Pack 3. The Security Update Replacement section has also been revised.
    Version Number: 3.0
    Issued Date: Tuesday, November 09, 2004
    Revision Date: Tuesday, November 16, 2004
    Impact of Vulnerability: Spoofing
    Maximum Severity Rating: Important
    Patch(es) Replaced: This security update replaces the security updates that are provided as part of MS03-012. This includes the security updates for both ISA Server 2000 and Proxy Server 2.0.
    Caveats: Microsoft Knowledge Base Article 888258 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 888258.

    Tested Software:
    Affected Software:
    ------------------
    * Microsoft Proxy Server 2.0 Service Pack 1
    <http://tinyurl.com/65vb5>
    * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2
    Note: The following software programs include Microsoft Internet Security and Acceleration Server 2000 (ISA Server 2000). Customers using these software programs should install the provided ISA Server 2000 security update.
    - Microsoft Small Business Server 2000
    - Microsoft Small Business Server 2003 Premium Edition
    <http://tinyurl.com/59pf4>

    Technical Description:
    ----------------------
    * Spoofing Vulnerability - CAN-2004-0892: This is a spoofing vulnerability that exists in the affected products and that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker's site to attempt to exploit this vulnerability.

    Revision History:
    -----------------
    * v1.0 - 11/9/2004: Bulletin published
    * v2.0 - 11/9/2004: Bulletin updated to reflect the release of an updated ISA Server 2000 security update for the German language only. This issue does not affect any other language version of this security update. The Security Update Replacement section has also been revised.
    * v3.0 - 11/16/2004: Bulletin updated to reflect the release of updated ISA Server 2000 security updates for all languages. These issues affected customers using ISA Server 2000 Service Pack 1 or using Windows 2000 Service Pack 3. The Security Update Replacement section has also been revised.

    This email is sent to NTBugtraq automagically as a service to my subscribers. (v4.01.1664.40858)

    Cheers,
    Russ - Senior Scientist - TruSecure Corporation/NTBugtraq Editor

    --
    Editor's Note: The 43rd Most Powerful Person in Networking says...
    Register today to take the TruSecure ICSA exam by 12/31/04 at
    <http://www.2test.com>, use promo code "CT1204" and you will pay just
    $221.25 US Dollars for domestic exam delivery and $296.25 US Dollars
    for international delivery.
    Visit <https://ticsa.trusecure.com> for complete details regarding the
    TICSA credential and to take the free sample exam.
    --
    
