Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

MS03-012: Flaw in Winsock Proxy Service Can Cause Denial of Service


View products that this article applies to.

This article was previously published under Q331066

↑ Back to the top


Symptoms

Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 contain support for Windows Sockets (Winsock) proxy communications. Winsock is an API that handles communications requests for Internet applications in a Microsoft Windows operating system.

The Winsock proxy service works with FTP, Telnet, mail, news, Internet Relay Chat (IRC), and other client applications that are compatible with Winsock. The proxy service makes these applications perform as if they were directly connected to the Internet. The service redirects the necessary communications functions to a computer that is running either Proxy Server 2.0 or ISA Server. This establishes a communication path from the internal application to the Internet.

A flaw in the Winsock proxy service may permit an attacker on the internal network to send a specially crafted packet that results in 100% CPU utilization of the computer that is running either Proxy Server 2.0 or ISA Server, causing the computer to stop responding to internal and external requests.

↑ Back to the top


Resolution

Download Information

The following files are available for download from the Microsoft Download Center:

ISA Server (all languages)


Download the 331066 package now.

Proxy Server


Download the 331066 package now.

Release Date: April 9, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591� How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

ISA Server


This patch requires ISA Server Service Pack 1 (SP1). Microsoft will supply one version for each of five languages (English, German, French, Spanish, and Japanese).

For additional information about how to obtain the latest ISA Server service pack, click the following article number to view the article in the Microsoft Knowledge Base:
313139� How to Obtain the Latest Internet Security and Acceleration Server Service Pack
Proxy Server 2.0


The Proxy Server 2.0 update requires Proxy Server 2.0 Service Pack 1 (SP1), and is the same for all languages.

For additional information about how to obtain the latest Proxy Server service pack, visit the following Microsoft Web site:

Installation Information

ISA Server


The ISA Server update supports the following Setup switches:
  • /? : Display the list of installation switches.
  • -q : Use Quiet mode (no user interaction).
  • -USP : Remove the latest service pack.
  • -UHFX : Remove hotfix number X (where X is the number of the hotfix) .
For example, to install the ISA Server update without user intervention, use the following command line:
Isahf257 /q
To verify the ISA Server update is installed on your computer, confirm that the following registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Hotfixes\SP1\257

Proxy Server


To verify the Proxy Server update is installed on your computer, confirm that the following registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\HotFix\Q331066

Restart Requirement

The ISA Server update does not require a restart, but the Proxy Server 2.0 update does require a restart.

Remove Information

ISA Server


You can remove the ISA Server update by using the Add/Remove Programs tool in Control Panel. Select Microsoft ISA Server 2000 Updates, and then click Add/Remove.

You can also remove this update by typing the following line at a command prompt:
Isahf257 �UHF
Proxy Server


You can remove the Proxy 2.0 server update by using the Add/Remove Programs tool in the Control Panel. Select Hotfix for Q331066, and then click Add/Remove.

Hotfix Replacement Information

This update does not replace any other updates.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Microsoft Internet Security and Acceleration Server 2000
   Date         Time   Version       Size     File name
   -------------------------------------------------------
   20-Mar-2003  14:56  3.0.1200.257  178,448  Mspadmin.exe
   20-Mar-2003  14:55  3.0.1200.257  101,136  Msphlpr.dll
   20-Mar-2003  14:55  3.0.1200.257  391,440  W3proxy.exe
   20-Mar-2003  14:55  3.0.1200.257  298,768  Wspsrv.exe	
Microsoft Proxy Server 2.0
   Date         Time   Version     Size     File name
   -----------------------------------------------------
   26-Mar-2003  11:17  2.0.390.16   43,280  W3pcache.dll
   26-Mar-2003  11:17  2.0.390.16  192,784  W3proxy.dll
   26-Mar-2003  11:17  2.0.390.16   97,040  Wspsrv.exe

↑ Back to the top


Status

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top


More information

For more information about this vulnerability, visit the following Microsoft Web site:

↑ Back to the top


Keywords: kbhotfixserver, kbsecvulnerability, kbsecbulletin, kbsecurity, kbqfe, kbbug, kbfix, kbqfe, KB331066

↑ Back to the top

Article Info
Article ID : 331066
Revision : 6
Created on : 7/25/2006
Published on : 7/25/2006
Exists online : False
Views : 460