Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution

Thomas Shinder photo
A new vulnerability has been discovered in the H.323 filter for ISA Server 2000. We recommend that all ISA Server 2000 administrators install this patch immedidately. See the article for more information.

Vulnerability in Microsoft Internet Security and Acceleration Server 2000
H.323 Filter Could Allow Remote Code Execution 

Reported by:
Thomas W Shinder M.D.

A security vulnerability exists in the H.323 filter for Microsoft Internet Security and Acceleration Server 2000 that could allow an attacker to overflow a buffer in the Microsoft Firewall Service in Microsoft Internet Security and Acceleration Server 2000. An attacker who successfully exploited this vulnerability could try to run code of their choice in the security context of the Microsoft Firewall Service. This would give the attacker complete control over the system. The H.323 filter is enabled by default on servers running ISA Server 2000 computers that are installed in integrated or firewall mode.

We recommend that all ISA Server 2000 administrators install this patch immediately. You will not need to restart the server. Only the Firewall service will require a restart.

For more information, check out the full article at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-001.asp

ISA Server 2000 Deployment Kit Survey
http://www.isaserver.org/img/upl/kitsurvey/

About Thomas Shinder

Thomas Shinder photo Dr. Thomas W. Shinder is an MCSE, MCP+I, and MCT. He has worked as a technology trainer and consultant in the Dallas-Ft. Worth metro area, assisting in development and implementation of IP-based communications strategies for major firms such as Xerox, Lucent and FINA.

Click here for Thomas Shinder's section.

Share this article

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on ISAserver.org! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update. Sign up to the ISAserver.org Monthly Newsletter, written by ISA expert Dr. Tom Shinder, containing news, the hottest tips, ISA links of the month and much more. Subscribe today and don't miss a thing!



Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!

Solution Center

Readers' Choice

Which is your preferred ISA Monitoring and Management solution?