Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability

ID SMNTC-34414
Type symantec
Reporter Symantec Security Response
Modified 2009-04-14T00:00:00



Microsoft ISA Server and Forefront Threat Management Gateway are prone to a remote denial-of-service vulnerability. A remote, anonymous attacker could exploit this issue to cause the Web proxy listener to become unresponsive, denying service legitimate users.

Technologies Affected

  • Microsoft Forefront Threat Management Gateway Medium Business Edition
  • Microsoft ISA Server 2004 SP3
  • Microsoft ISA Server 2006
  • Microsoft ISA Server 2006 SP1
  • Microsoft ISA Server 2006 Supportability Update


Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn't required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server.

Fixes are available; please see the references for more information.