Microsoft ISA Server is prone to an authentication-bypass vulnerability. An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources within the context of the selected account.
Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn't required. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs generated by NIDS and by the server itself for evidence of attacks against the server.
The vendor has released an update. Please see the references for details.