===================================================================== CERT-Renater Note d'Information No. 2009/VULN157 _____________________________________________________________________ DATE : 15/04/2009 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Microsoft ISA Server, Microsoft Forefront Threat Management Gateway. ====================================================================== KB961759 http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx ______________________________________________________________________ Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker. This security update is rated Important for Forefront TMG MBE, ISA Server 2004, and ISA Server 2006. For more information, see the subsection, Affected and Non-Affected Software, in this section. The security update addresses the vulnerabilities by modifying the way that the firewall engine handles the TCP state and the way that HTTP forms authentication handles input. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity. Affected Software Microsoft Forefront Threat Management Gateway, Medium Business Edition Microsoft Internet Security and Acceleration Server 2004 Service Pack 3 Microsoft Internet Security and Acceleration Server 2006 Internet Security and Acceleration Server 2006 Supportability Update Microsoft Internet Security and Acceleration Server 2006 Service Pack 1 Vulnerability Information Web Proxy TCP State Limited Denial of Service Vulnerability - CVE-2009-0077 A denial of service vulnerability exists in the way the firewall engine handles TCP state for Web proxy or Web publishing listeners. The vulnerability could allow a remote user to cause a Web listener to stop responding to new requests. Cross-Site Scripting Vulnerability - CVE-2009-0237 A cross-site scripting (XSS) vulnerability exists in the HTML forms authentication component in ISA Server or Forefront TMG, cookieauth.dll, which could allow malicious script code to run on the machine of another user under the guise of the server running cookieauth.dll. This is a non-persistent cross-site scripting vulnerability that can lead to spoofing and information disclosure. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================