Reported January 13, 2004, by Microsoft.

VERSIONS AFFECTED

· Microsoft Internet Security and Acceleration Server 2000 (ISA Server)

DESCRIPTION

A vulnerability in Microsoft Internet Security and Acceleration Server 2000 (ISA Server) can permit an attacker to run code of his or her choice under the security context of the Microsoft Firewall Service. This vulnerability stems from a buffer overrun in ISA Server's H.323 filter. The H.323 filter is enabled by default on ISA Server computers that are installed in integrated or firewall mode.

VENDOR RESPONSE

Microsoft has released security bulletin MS04-001, "Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

CREDIT

Discovered by the UK National Infrastructure Security Co-ordination Centre (NISCC).