=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2004/VULN474
_____________________________________________________________________

DATE                      : 10/11/2004

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Proxy Server 2.0 SP1,
                                     Microsoft ISA Server 2000 SP1 and SP2,
                                Microsoft Small Business Server 2000,
                                Microsoft Small Business Server 2003 Premium Edition.

======================================================================

TECHNICAL DETAILS

MS04-039
Title:  Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could
Allow Internet Content Spoofing (888258)

Affected Software:
  - Microsoft Proxy Server 2.0 Service Pack 1
  - Microsoft Internet Security and Acceleration Server 2000 Service
Pack 1 and Microsoft Internet Security and Acceleration Server 2000
Service Pack 2

Note Microsoft Small Business Server 2000 and Microsoft Small
Business Server 2003 Premium Edition include Microsoft Internet
Security and Acceleration Server 2000 (ISA Server 2000). Microsoft
Small Business Server 2000 and Microsoft Small Business Server 2003
customers should install the provided ISA Server 2000 security
update.

Impact of Vulnerability:  Spoofing

Maximum Severity Rating:  Important

Restart required:

ISA Server: This update does not require a restart. The installer
stops the required services, applies the update, and then restarts
the services. However, if the required services cannot be stopped for
any reason, or if required files are in use, this update will require
a restart. If this occurs, a message appears that advises you to
restart.

Proxy Server: Yes

Update can be uninstalled:  Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS04-039.mspx

PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST
CURRENT INFORMATION ON THESE ALERTS.

If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should
contact Product Support Services in the United States at
1-866-PCSafety (1-866-727-2338).  International customers should
contact their local subsidiary.

Thank you,
Microsoft PSS Security Team

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================