dcsimg
RealTime IT News

Microsoft Plugs ISA Vulnerability

Microsoft issued a patch for a vulnerability in its server software that could allow an attacker to spoof trusted Internet content.

As part of its monthly cycle of patch release Tuesday, the company said the SecurityBulletin covered its Internet Security and Acceleration Server 2000 (ISA Server) and Microsoft Proxy Server 2.0. Both are edge of network products.

According to Microsoft's technical bulletin, "users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site."

Microsoft's bulletin said a user would first have to visit the attacker's site to attempt to exploit the vulnerability.

Software affected by the patch include: Internet Security and Acceleration Server 2000 Service Pack 1 (SP1); Internet Security and Acceleration Server 2000 SP2; Microsoft Small Business Server 2000 (includes Internet Security and Acceleration Server 2000); Microsoft Small Business Server 2003 Premium Edition (includes Internet Security and Acceleration Server 2000).