Check Point Advisories

Workaround for Microsoft ISA Server TCP State Limited Denial of Service Vulnerability (MS09-016)

Check Point Reference: SBP-2009-12
Date Published: 14 Apr 2009
Severity: High
Last Updated: Friday 17 April, 2009
Source: Microsoft Security Bulletin MS09-016
Industry Reference:CVE-2009-0077
Protection Provided by:
Who is Vulnerable? Microsoft Forefront Threat Management Gateway, Medium Business Edition
Microsoft Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition SP3
Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition SP3
Microsoft Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition
Microsoft Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition SP1
Microsoft Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition Supportability Update
Microsoft Internet Security and Acceleration (ISA) Server 2006 Standard Edition
Microsoft Internet Security and Acceleration (ISA) Server 2006 Standard Edition SP1
Microsoft Internet Security and Acceleration (ISA) Server 2006 Standard Edition Supportability Update
Vulnerability Description A denial of service vulnerability has been reported in Microsoft Internet Security and Acceleration (ISA) Server. ISA Server, originating as Microsoft Proxy Server, is a Firewall & Security product that provides Application-Layer Firewalling, acts as a VPN endpoint, and provides Internet Access for client systems in a Business Networking environment. A remote attacker may exploit this vulnerability to cause the affected Web proxy listener to become non-responsive.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS09-016
Vulnerability DetailsThe vulnerability is due to the way the firewall engine handles TCP state for Web proxy listeners. The Web proxy listener state management fails to handle the session state correctly which leads to orphaned open sessions and can cause a denial of service. A remote attacker could exploit this vulnerability by sending specially crafted network packets to the affected system.  Successful exploitation will cause the Web listener to stop responding to new requests.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK