ISA 2000 Security Bulletin MS05-034

Today, we released an update for ISA Server 2000 that addresses two privately disclosed security vulnerabilities, rated Moderate at the time of writing.

The two vulnerabilities are referred to as the HTTP Content Header Vulnerability - CAN-2005-1215, and the NetBIOS Predefined Filter Vulnerability - CAN-2005-1216. 

Summary

Who should read this document: Customers who use Microsoft Internet Security and Acceleration (ISA) Server 2000

Impact of Vulnerability: Elevation of Privilege

Maximum Severity Rating: Moderate

Recommendation: Customers should consider applying the security update.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 – Download the update

Note The following software programs include ISA Server 2000. Customers who use these software programs should install the provided ISA Server 2000 security update.

• Microsoft Small Business Server 2000
 
• Microsoft Small Business Server 2003 Premium Edition
 
Non-Affected Software:

• Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition
 
• Microsoft Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition
 

https://www.microsoft.com/technet/security/bulletin/MS05-034.mspx