Description of the ISA Server 2006 hotfix package: July 14, 2009

Describes the ISA Server 2006 hotfix package that is dated July 14, 2009.INTRODUCTIONThis article describes the Microsoft Internet Security and Acceleration ISA Server 2006 hotfix package that is dated July 14, 2009. This hotfix package fixes some issues in ISA Server 2006. For more information...

CVE-2009-2496

CVE-2009-2496 : Heap-based/heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control of Microsoft Office Web Components. Exploitation requires a user to load a malicious web page and trigger a specific sequence of method calls, leading to remote code execution. Affected products incl...

Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege 970953 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Internet...

MS09-031: Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

The version of Microsoft Internet Security and Acceleration ISA Server 2006 installed on the remote host may allow an unauthenticated attacker with knowledge of administrator account usernames to gain access to published resources in the context of such a user without having to authenticate with...

CVE-2009-0237

Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...

Cross site scripting

Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...

CVE-2009-0237

CVE-2009-0237 is a non-persistent cross-site scripting (XSS) vulnerability in the HTML forms authentication component cookieauth.dll used by ISA Server and Forefront TMG MBE and affected 2006/2006 SP1, as described in the MS09-016 bulletin. The root cause is improper input validation of HTTP form...

MS09-016: Description of the ISA Server 2006 hotfix package: April 14, 2009

Resolves vulnerabilities that may cause ISA Server 2006 stop accepting new requests.INTRODUCTIONMicrosoft has released security bulletin MS09-016. To view the complete security bulletin, visit one of the following Microsoft Web sites:Home...

Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability

Description Microsoft ISA Server and Forefront Threat Management Gateway are prone to a remote denial-of-service vulnerability. A remote, anonymous attacker could exploit this issue to cause the Web proxy listener to become unresponsive, denying service legitimate users. Technologies Affected...

Security Update for ISA Server 2006 Supportability Pack (KB 968078)

This update resolves the issues described in Knowledge Base article 968078 ISA Server 2006: • ISA Server 2006 Web proxy and Web publishing listeners may stop accepting new requests after receiving specially-crafted packets. • ISA Server 2006 forms-based authentication may allow a browser to be...

Security Update for ISA Server 2006 Supportability Pack (KB 970811)

When publishing a Web server using forms-based authentication with Radius one-time password OTP as the credentials authority and Kerberos constrained delegation, it may be possible to bypass the form authentication and log on using invalid credentials...

Security Update for Microsoft Office 2003 Web Components used in ISA Server 2004 SP3 Enterprise Edition Reporting

This update resolves vulnerabilities reported in Microsoft Office 2003 Web Components. ISA Server 2004 and 2006 use Office 2003 Web Components during report generation...

Security Update for Microsoft Office 2003 Web Components used in ISA Server 2006 Service Pack 1 Reporting

This update resolves vulnerabilities reported in Microsoft Office 2003 Web Components. ISA Server 2004 and 2006 use Office 2003 Web Components during report generation...

Security Update for ISA Server 2006 RTM (KB 968078)

This update resolves the issues described in Knowledge Base article 968078 ISA Server 2006: • ISA Server 2006 Web proxy and Web publishing listeners may stop accepting new requests after receiving specially-crafted packets. • ISA Server 2006 forms-based authentication may allow a browser to be...