Reported April 9, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

·         Microsoft ISA Server 2000

·         Microsoft Proxy Server 2.0

 

DESCRIPTION

 

A vulnerability in Microsoft’s ISA Server 2000 and Proxy Server 2.0 can result in a Denial of Service (DoS) condition on the vulnerable server. This vulnerability is a result of flaw in the Winsock Proxy service. The vulnerability lets malicious users on the internal network send specially crafted packets to cause the server to stop responding to internal and external requests. Receipt of such a packet causes CPU utilization on the server to reach 100 percent.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-012, "Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066)," to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.

 

CREDIT          

Discovered by Microsoft.