| VID |
28047 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q331065) for the "Denial of Service Vulnerability in ISA Server DNS Intrusion Detection Filter" is not applied. In ISA Server, application filters are used to protect against invalid URLs, which may indicate attempted attacks, as well as against attacks on internal DNS servers. The ISA Server DNS intrusion detection application filter does not properly handle a specific type of request when scanning incoming DNS requests, which results in a denial of service condition. By sending a specially formed request from the Internet to a computer running ISA Server, a remote attacker can cause ISA Server to stop sending incoming DNS requests to a published DNS server.
* Note: Restarting the ISA Server service allows DNS server publishing and DNS intrusion detection to function correctly again. However, the server remains vulnerable to another denial of service attack until the appropriate patch is applied. This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/MS03-009.asp
* Platforms Affected: Microsoft ISA Server |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-009, http://www.microsoft.com/technet/security/bulletin/MS03-009.asp
1. Open the page: http://microsoft.com/downloads/details.aspx?familyid=F62127C5-51E3-4B34-A6D3-B9CF840358BD&displaylang=en
2. Select your language from the drop-down list at the top of the page and then click the <Go> button.
3. Click the <Download> button to download the patch file.
4. Run this file to install the patch.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0011 (CVE) |
| Related URL |
7145 (SecurityFocus) |
| Related URL |
(ISS) |
|