ISA 2006 / TMG 2010: Disable Client-Initiated SSL Renegotiation, Protecting Against DoS Attacks and Malicious Data Injection

Recently we have received a considerable number of support requests asking for more information about SSL/TLS renegotiation and the risk it introduces of exposure to DoS attacks and malicious code injection. The requests focused on ISA/TMG products, since they are used as reverse proxies for web publishing, but the…


Mainstream Support Ending for ISA Server 2004 Standard Edition SP3

This is just a reminder that mainstream support for ISA 2004 Standard Edition SP3 is going to end next week (October 13th, 2009). That means that starting Oct 13th, the Forefront Edge product team will not issue non-security hotfixes, and will not accept any DCRs for ISA Server 2004 Standard Edition. Security hotfixes and…


Office Web Components Advisory, ISA Server and Forefront TMG

Hello Community: I would like to clarify some points for you regarding the security advisory that was released on 13 July. Microsoft Security Advisory 937432 provides information about a vulnerability in Office Web Components (OWC) and links to a mechanism to help mitigate this vulnerability. As many customers have noticed, ISA Server 2004 and ISA…


MS09-031: ISA Server 2006 FBA and RADIUS OTP Bulletin

Hello Community: I wanted to reach out and provide some detail on the bulletin that was released today. Microsoft Security Bulletin MS09-031 addresses a security vulnerability in ISA Server 2006 that can allow a remote unauthenticated user to access restricted resources in certain cases. We wanted to explain what that configuration was, how the vulnerability…


MS09-012 and ISA Server Standard Edition 14109 Failures

We’ve received several reports of ISA Server Standard Edition restart failures after installation of April’s security updates. Update: ISA Server 2006 update released; ISA Server 2004 update released. The error message observed in this circumstance is: “Event ID 14109 (The ISA Server Standard Edition cannot run. Either the server is using more than 4 processors….).” Notes: 1….


Security Updates for ISA Server 2004, ISA Server 2006 and Forefront TMG (MBE)

ISA/TMG Community: As much as I like to only announce exciting news, today, I must blog about security updates for both the ISA and TMG (MBE) product lines. It has been almost four years since the last ISA bulletin and we are very proud of our engineering due diligence and the quality of the Microsoft SDL (Security Development…