Microsoft KB Archive/888258

= MS04-039: Vulnerability in ISA Server 2000 and Proxy Server 2.0 could allow Internet content spoofing =

Article ID: 888258

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 2
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Small Business Server 2000 Standard Edition
 * Microsoft Proxy Server 2.0 Standard Edition

-





SUMMARY
Microsoft has released security bulletin MS04-039. This security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites:  Home users:

http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx

 IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx



If you set the DNS cache size to zero, you effectively disable DNS caching on the affected system. This setting would prevent the affected software from using potentially spoofed data from the cache. The setting may have a negative performance effect on DNS resolution. Apply this setting only on systems that cannot apply the security update as a short-term workaround.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

889189 How to work around the ISA Server 2000 and Proxy Server 2.0 DNS cache spoofing vulnerability described in Microsoft Security Bulletin MS04-039

Known issues
For additional information about known issues that may occur when you install this security update, click the following article number to view the article in the Microsoft Knowledge Base:

890097 Multiple failures after you install Microsoft Security Update MS04-039

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted remote code execution jpeg images graphics pictures gdiplus.dll

Keywords: kbqfe kbfix kbbug kbsecvulnerability kbsecurity kbsecbulletin kbhotfixserver KB888258

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.