Microsoft KB Archive/331066

= MS03-012: Flaw in Winsock Proxy Service Can Cause Denial of Service =

Article ID: 331066

Article Last Modified on 7/25/2006

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q331066





SYMPTOMS
Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 contain support for Windows Sockets (Winsock) proxy communications. Winsock is an API that handles communications requests for Internet applications in a Microsoft Windows operating system.

The Winsock proxy service works with FTP, Telnet, mail, news, Internet Relay Chat (IRC), and other client applications that are compatible with Winsock. The proxy service makes these applications perform as if they were directly connected to the Internet. The service redirects the necessary communications functions to a computer that is running either Proxy Server 2.0 or ISA Server. This establishes a communication path from the internal application to the Internet.

A flaw in the Winsock proxy service may permit an attacker on the internal network to send a specially crafted packet that results in 100% CPU utilization of the computer that is running either Proxy Server 2.0 or ISA Server, causing the computer to stop responding to internal and external requests.



Download Information
The following files are available for download from the Microsoft Download Center:

ISA Server (all languages)
Download the 331066 package now.

Proxy Server
Download the 331066 package now.

Release Date: April 9, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

ISA Server
This patch requires ISA Server Service Pack 1 (SP1). Microsoft will supply one version for each of five languages (English, German, French, Spanish, and Japanese).

For additional information about how to obtain the latest ISA Server service pack, click the following article number to view the article in the Microsoft Knowledge Base:

313139 How to Obtain the Latest Internet Security and Acceleration Server Service Pack

Proxy Server 2.0
The Proxy Server 2.0 update requires Proxy Server 2.0 Service Pack 1 (SP1), and is the same for all languages.

For additional information about how to obtain the latest Proxy Server service pack, visit the following Microsoft Web site:

http://www.microsoft.com/isaserver/evaluation/previousversions/default.mspx

ISA Server
The ISA Server update supports the following Setup switches:
 * /? : Display the list of installation switches.
 * -q : Use Quiet mode (no user interaction).
 * -USP : Remove the latest service pack.
 * -UHFX : Remove hotfix number X (where X is the number of the hotfix).

For example, to install the ISA Server update without user intervention, use the following command line:

Isahf257 /q

To verify the ISA Server update is installed on your computer, confirm that the following registry key exists:

Proxy Server
To verify the Proxy Server update is installed on your computer, confirm that the following registry key exists:

Restart Requirement
The ISA Server update does not require a restart, but the Proxy Server 2.0 update does require a restart.

ISA Server
You can remove the ISA Server update by using the Add/Remove Programs tool in Control Panel. Select Microsoft ISA Server 2000 Updates, and then click Add/Remove.

You can also remove this update by typing the following line at a command prompt:

Isahf257 –UHF

Proxy Server
You can remove the Proxy 2.0 server update by using the Add/Remove Programs tool in the Control Panel. Select Hotfix for Q331066, and then click Add/Remove.

Hotfix Replacement Information
This update does not replace any other updates.

File Information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Microsoft Internet Security and Acceleration Server 2000
  Date         Time   Version       Size     File name ---  20-Mar-2003  14:56  3.0.1200.257  178,448  Mspadmin.exe 20-Mar-2003 14:55  3.0.1200.257  101,136  Msphlpr.dll 20-Mar-2003 14:55  3.0.1200.257  391,440  W3proxy.exe 20-Mar-2003 14:55  3.0.1200.257  298,768  Wspsrv.exe

Microsoft Proxy Server 2.0
  Date         Time   Version     Size     File name -  26-Mar-2003  11:17  2.0.390.16   43,280  W3pcache.dll 26-Mar-2003 11:17  2.0.390.16  192,784  W3proxy.dll 26-Mar-2003 11:17  2.0.390.16   97,040  Wspsrv.exe



STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-012.mspx

Additional query words: security_patch rollup

Keywords: kbhotfixserver kbqfe kbsecvulnerability kbsecbulletin kbsecurity kbqfe kbbug kbfix KB331066

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.