In these days we received a considerable number of support requests asking for more info about SSL/TLS Renegotiation and the risk it introduces of being exposed to DoS attacks and malicious code injections. The requests in object were focused on ISA/TMG products, considering they are used as reverse proxy for web publishing purposes, but the…
Tag: Security Update
Mainstream Support Ending for ISA Server 2004 Standard Edition SP3
This is just a reminder, that mainstream support for ISA 2004 Standard Edition SP3 is going to end next week (October 13th , 2009). That means that starting Oct 13th, the Forefront Edge product team will not issue non-security hotfixes, and will not accept any DCRs for ISA Server 2004 Standard Edition. Security hotfixes and…
Office Web Components Advisory, ISA Server and Forefront TMG
Hello Community: I would like to clarify some points for you regarding the security advisory that was released on 13 July. Microsoft Security Advisory 937432 provides information about a vulnerability in Office Web Components (OWC) and links to a mechanism to help mitigate this vulnerability. As many customers have noticed, ISA Server 2004 and ISA…
MS09-031: ISA Server 2006 FBA and RADIUS OTP Bulletin
Hello Community: I wanted to reach out and provide some detail on the bulletin that was released today. Microsoft Security Bulletin MS09-031 addresses a security vulnerability in ISA Server 2006 that can allow a remote unauthenticated user to access restricted resources in certain cases. We wanted to explain what that configuration was, how the vulnerability…
MS09-012 and ISA Server Standard Edition 14109 Failures
We’ve received several reports of ISA Server Standard Edition restart failures after installation of April’s security updates. <Update>ISA Server 2006 update releasedISA Server 2004 update released</Update> The error message observed in this circumstance is: “Event ID 14109 (The ISA Server Standard Edition cannot run. Either the server is using more than 4 processors….).” Notes: 1….
Security Updates for ISA Server 2004, ISA Server 2006 and Forefront TMG (MBE)
ISA/TMG Community: As much as I like to only announce exciting news, today, I must blog about security updates for both the ISA and TMG (MBE) product lines. It has been almost four years since the last ISA bulletin and we are very proud of our engineering due diligence and the quality of the Microsoft SDL (Security Development…
UDP Updates Exception List Script for ISA Server and Forefront TMG (Updated for MS09-016)
Why do I need this? < UPDATE May 12 2009 > Since the release of Security update MS09-016, some ISA and TMG administrators have observed the same behavior as seen when they installed the UDP Update package. Tihs happened because all ISA and TMG updates are cumulative, that is; they all are built on the updates…