You are here: silicon.com > Hardware > Servers

Servers

Microsoft foiled in first foray into security

Microsoft has admitted to a fundamental flaw in its first security product, the Internet Security and Acceleration Server (ISA).

Printer Friendly Email Story RSS

By editorial@silicon.com

Published: 20 April 2001 11:03 BST

According to Microsoft, the flaw leaves users of version 1.0 of the ISA server - which incorporates a firewall, a virtual private network and a web-cache - vulnerable to denial-of-service attacks, which could cause corresponding web servers to crash.

Canadian e-security specialist Secure-Xpert Labs discovered the bug during testing and Microsoft was informed at the beginning of April.

According to Secure-Xpert, if the web-publishing tool, which is delivered with it, is activated, all that is needed to trigger a crash is a simple character string. ISA is therefore vulnerable even behind its own firewall, with HTML-formatted mails posing a threat.

The ISA server is Microsoft's first software product in the security area and a number of partner companies were involved in the development. No justification has so far been offered for the flaw, but a patch is available at http://microsoft.com/isaserver/support .

By Christian M Wagner, journalist, www.silicon.de

Add Comment Add comment  Printer Friendly Print story   Email Story Email story   RSS
In
Desktops

Servers

PDAs

Storage


Related Links

A Source Address Filtering Firewall to Defend Against Denial of Service Attacks

Mitigating Sasser, Distributed Denial of Service (DDoS) and Day-Zero Attacks: The Cisco Threat Defense System

Microsoft fixes smorgasbord of IE flaws

Veritas flaw enables corporate attacks

Mitigating Sasser, Distributed Denial of Service (DDoS) and Day-Zero Attacks: The Cisco Threat Defense System

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

silicon.com Dear silicon.com... ZX Spectrum nostalgia, Mac attack, tag a bag… Reader Comments of the Week

Steve Ranger Editor's Blog: Home computing from Acorn, Amiga and Amstrad, to the ZX Spectrum Nostalgia 2.0...

Windows Mobile v BlackBerry in server showdown

Met Office gets £33m supercomputer

Whitehall IT to be carbon neutral by 2020

Steve Ballmer on a future in the cloud

Google: Server efficiency needs different approach

Forecasting tech blows away stormy weather


  • Jobs
SAP PMO/ Change Control Specialist

You will also be involved in building, maintaining and publishing an up-to-date annual Transport Calendar that satisfies the requirements of the ISE ...

Security Pre-Sales Consultant, Juniper, Crossbeam, Fortinet, London

The successful candidate will ideally be experienced in one or more of the following security / firewall technologies: Juniper [JNCIS / JNCIA], ...

SENIOR INFRASTRUCTURE ENGINEER

Windows, Server, Exhange, 2000, 2003, TCP/IP, CCNA, Firewall, RSA, ISA, ASA, Cisco, Network London based company are currently looking for a ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.

Bracknell Forest reaps virtual rewards

E4 embraces web 2.0 audience

Danone on health kick with Itil

Pseudo Random Postfix OFDM Based Modulator for Next Generation 60GHz WLANs

Comparison of Iterative Detection Schemes for MIMO Systems With Spreading Based on...

Effect of Spreading in an Outdoor MIMO-OFDM System

Marco Case Study: Dedicated Logistics, Inc.

Stories from the web...

History of British PCs

Why work in IT?

60-Second Pitch - data security services


Novell throws open GroupWise beta

BBC readies music downloads service

Dell joins netbook race

Windows Mobile v BlackBerry in server showdown

Heathrow T5 gets massive wi-fi hotspot




Quick Sitemap Links: