Microsoft Forefront Unified Access Gateway (UAG) is prone to a spoofing vulnerability. An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may allow the attacker to masquerade as a legitimate server, aiding in further attacks.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous traffic.
Do not accept communications that originate from unknown or untrusted sources.
Restrict access to only trusted computers or devices. Block traffic that originates from unlikely or impossible source addresses.
The vendor released an advisory and fixes to address this issue. Please see the references for more information.