Updated: July 14, 2020 (January 19, 2004)

  Analyst Report

ISA and MDAC Vulnerabilities Require Patches

by Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance.

Security bulletins and patches have been issued for vulnerabilities in Internet Security and Acceleration (ISA) Server and the Microsoft Data Access Components (MDAC), a key component of the Windows OS. Both vulnerabilities could leave systems exposed to takeover by malicious code and require immediate corrective action, even if customers think it unlikely that a programmer could exploit these vulnerabilities.

Critical ISA Vulnerability

ISA Server is an enterprise-level firewall and Web cache server. The vulnerability is an unchecked buffer in the H.323 filter. Attackers who can exploit the vulnerability can run code of their choice in the security context of the Microsoft Firewall Service, effectively gaining full control of the server.

The H.323 filter is an ISA Server component used to monitor and control traffic for IP telephony applications and to transfer data for applications, including whiteboard, file transfer, or remote desktop control, that use the H.323 and T.120 protocols. These protocols are used in Microsoft’s Exchange Conferencing Server and NetMeeting client. The filter is enabled by default, even though it could be shipped turned off to keep the product secure, per the “secure by default” recommendations in Microsoft’s Trustworthy Computing initiative.
