MS03-009: A Problem in the ISA Server DNS Intrusion Detection Filter May Cause Denial of Service


This article was previously published under Q331065


Symptoms

A problem may occur on an Internet Security and Acceleration (ISA) Server 2000-based computer during the processing of incoming Domain Name System (DNS) requests that are sent to a published internal DNS server.

A successful attack against the ISA Server-based computer requires a malicious DNS request. An attacker might be able to exploit the vulnerability by sending a specially formed request to an ISA Server-based computer that is publishing a DNS server. This might then result in a denial of service to the published DNS server. If this occurs, all future incoming DNS requests to the ISA Server-based computer are stopped at the firewall, and are not passed to the internal DNS server. All other ISA Server functionality is unaffected.


Cause

The vulnerability exists because the ISA Server DNS intrusion detection filter does not handle a specific type of request correctly when it is scanning incoming DNS traffic.


Resolution

Patch Information

Download Information

The following file is available for download from the Microsoft Download Center:
Release Date: March 19, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

You must install ISA Server Service Pack 1 (SP1) before you apply the hotfix.

For additional information about how to obtain the latest ISA Server service pack, click the following article number to view the article in the Microsoft Knowledge Base:
313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack

Installation Information

This update supports the following Setup switches:
  • /?: Shows the list of installation switches.
  • /q: Installs the service pack in Quiet mode, without any user interface.
  • /USP: Removes the latest service pack.
  • /UHFX: Removes hotfix number X (where X is the number of the hotfix).
For example, to install the update without any user intervention, use the following command line:
isahf256 /q
To verify that the update is installed on your computer, confirm that the following registry key exists:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\256

Removal Information

You can remove this update by using the Add/Remove Programs tool in Control Panel to remove "Microsoft ISA Server 2000 Updates."

You can also remove this update by typing the following line at a command prompt:
isahf256 -UHF256

Hotfix Replacement Information

This update does not replace any other updates.

Restart Requirement

You do not have to restart your computer after you apply this update.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time    Version        Size     File name
   --------------------------------------------------------
   9-Mar-2003   11:55   3.0.1200.256   77,072   Issfltr.dll
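
The two verification facts above (the registry key under Installation Information and the Issfltr.dll version in the File Information table) can be checked together. The following PowerShell script is an added example, not part of the original Microsoft article; the -IssfltrPath parameter and the function name Test-Ms03009Hotfix are assumptions, because the article does not state where Issfltr.dll is installed.

```powershell
# Added example: verify the MS03-009 hotfix from the two facts given in the article.
# Assumption: the operator supplies the full path to Issfltr.dll; the article
# does not give the ISA Server installation directory.
param(
    [Parameter(Mandatory = $true)]
    [string]$IssfltrPath
)

$hotfixKey  = 'HKLM:\SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\256'  # key named in the article
$minVersion = [version]'3.0.1200.256'                           # File Information table

function Test-Ms03009Hotfix {
    param([string]$KeyPath, [string]$DllPath, [version]$Minimum)

    # Check 1: the hotfix registry key exists.
    $keyPresent = Test-Path -Path $KeyPath

    # Check 2: the filter DLL is at the listed version or later.
    $fileVersion = $null
    if (Test-Path -Path $DllPath -PathType Leaf) {
        # Build the version from its numeric parts; the FileVersion string
        # may carry extra text that does not parse as a version.
        $vi = (Get-Item -Path $DllPath).VersionInfo
        $fileVersion = New-Object System.Version(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    }
    $fileOk = ($fileVersion -ne $null) -and ($fileVersion -ge $Minimum)

    # A key without a matching file (or the reverse) points to a partial
    # install or a later file replacement and is reported separately.
    $status = if ($keyPresent -and $fileOk) { 'Patched' }
              elseif ($keyPresent -or $fileOk) { 'Inconsistent' }
              else { 'NotPatched' }

    New-Object PSObject -Property @{
        Status      = $status
        KeyPresent  = $keyPresent
        FileVersion = $fileVersion
        Required    = $Minimum
    }
}

$result = Test-Ms03009Hotfix -KeyPath $hotfixKey -DllPath $IssfltrPath -Minimum $minVersion
$result | Format-List Status, KeyPresent, FileVersion, Required

# Non-zero exit code lets a patch-compliance job flag the host.
if ($result.Status -ne 'Patched') { exit 1 }
```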


Status

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.


More information

For more information about this issue, view the following security bulletin:


Keywords: kbbug, kbprb, kbfile, kbproductlink, atdownload, kbsecvulnerability, kbsecurity, kbsecbulletin, kbsecdos, kbdns, kbfirewall, kbisaserv2000presp2fix, kbfix, KB331065

Article Info
Article ID : 331065
Revision : 7
Created on : 10/29/2007
Published on : 10/29/2007