MS09-016: Vulnerabilities in ISA Server and Forefront Threat Management Gateway MBE could cause denial of service

Article translations Article translations
Article ID: 961759 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS09-016. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues with this security update

An administrator may be able to install the wrong version of the ISA Server 2006 update if it was obtained from the Microsoft Download Center (DC). When this occurs, the update will indicate successful installation, but the relevant binaries will not be updated to the new versions.

This problem may occur because of a problem in the installer detection logic that does not correctly determine the installed ISA Server 2006 product revision. This problem will not occur if the ISA 2006 computer is updated by using Microsoft Update, Automatic Updates, Windows Server Update Services, or SMS.
Collapse this tableExpand this table
ISA Server 2006 RevisionUpdate TargetInstall StateUpdate State
RTMRTMSuccessUpdated
SUFailureNot Updated
SP1FailureNot Updated
Supportability Update (SU)RTMSuccessNot Updated
SUSuccessUpdated
SP1FailureNot Updated
Service Pack 1 (SP1)RTMSuccessNot Updated
SUSuccessNot Updated
SP1SuccessUpdated

To correct an incorrect update installation, download, and then install the correct package for the target system over the current update.

Additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:
960995 MS09-016: Description of the security update for ISA Server 2004: April 14, 2009
968075 MS09-016: Description of the Forefront Threat Management Gateway MBE hotfix package: April 14, 2009
968078 MS09-016: Description of the ISA Server 2006 hotfix package: April 14, 2009

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Microsoft Forefront Threat Management Gateway Medium Business Edition (MBE) information

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Cookieauthfilter.dll6.0.6417.153476,59210-Mar-200901:04x86
msphlpr.dll6.0.6417.153894,40010-Mar-200901:04x86
wspsrv.exe6.0.6417.1531,439,15210-Mar-200901:04x86
Fweng.sys6.0.6417.153755,12019-Feb-200902:09x86
Fweng64.sys6.0.6417.153853,93619-Feb-200902:09x64
Fweng64100.sys6.0.6417.100857,18418-Feb-200921:52x64
Msfpcpatch.dll6.0.6417.153161,72810-Mar-200901:03x86

Microsoft ISA Server 2006 file information


For the original version of ISA Server 2006


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Authdflt.dll5.0.5720.172157,11203-Mar-200901:36x86
Comphp.dll5.0.5720.172180,66403-Mar-200901:36x86
Complp.dll5.0.5720.17272,12003-Mar-200901:36x86
Cookieauthfilter.dll5.0.5720.172394,68003-Mar-200901:36x86
Diffserv.dll5.0.5720.172106,93603-Mar-200901:36x86
msfpc.dll5.0.5720.172550,32803-Mar-200901:36x86
msfpccom.dll5.0.5720.1726,410,16803-Mar-200901:36x86
msfpcui.dll5.0.5720.1722,810,29603-Mar-200901:36x86
ratlib.dll5.0.5720.17251,12803-Mar-200901:36x86
msfpcsnp.dll5.0.5720.1725,857,20803-Mar-200901:36x86
socksflt.dll5.0.5720.172107,96003-Mar-200901:36x86
w3filter.dll5.0.5720.172892,85603-Mar-200901:36x86
w3prefch.exe5.0.5720.172172,47203-Mar-200901:36x86
wspsrv.exe5.0.5720.1721,212,34403-Mar-200901:36x86
Fweng.sys5.0.5720.172407,48003-Mar-200901:36x86
Httpfilter.dll5.0.5720.172155,57603-Mar-200901:36x86
Linktranslation.dll5.0.5720.172248,24803-Mar-200901:36x86
Wploadbalancer.dll5.0.5720.172108,98403-Mar-200901:36x86

For ISA Server 2006 with the Supportability Update installed


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Authdflt.dll5.0.5721.261162,74427-Feb-200900:18x86
Comphp.dll5.0.5721.261182,20027-Feb-200900:18x86
Complp.dll5.0.5721.26173,14427-Feb-200900:18x86
Cookieauthfilter.dll5.0.5721.261401,33627-Feb-200900:18x86
Diffserv.dll5.0.5721.261107,96027-Feb-200900:18x86
msfpc.dll5.0.5721.261568,24827-Feb-200900:18x86
msfpccom.dll5.0.5721.2616,420,92027-Feb-200900:18x86
sumgen.dll5.0.5721.261515,51227-Feb-200900:18x86
ratlib.dll5.0.5721.26151,64027-Feb-200900:18x86
msfpcsnp.dll5.0.5721.2615,950,39227-Feb-200900:18x86
mspadmin.exe5.0.5721.261382,39227-Feb-200900:18x86
msphlpr.dll5.0.5721.261501,17627-Feb-200900:18x86
rpcfltr.dll5.0.5721.261158,13627-Feb-200900:18x86
w3filter.dll5.0.5721.261916,92027-Feb-200900:18x86
w3prefch.exe5.0.5721.261174,00827-Feb-200900:18x86
wspsrv.exe5.0.5721.2611,223,60827-Feb-200900:18x86
Fweng.sys5.0.5721.261420,53627-Feb-200900:18x86
Httpfilter.dll5.0.5721.261157,11227-Feb-200900:18x86
Ldapfilter.dll5.0.5721.261113,59227-Feb-200900:18x86
Linktranslation.dll5.0.5721.261249,78427-Feb-200900:18x86
Radiusauth.dll5.0.5721.26185,43227-Feb-200900:18x86
Usr_pcode.htmNot Applicable6,89827-Feb-200900:18Not Applicable
Wploadbalancer.dll5.0.5721.261111,54427-Feb-200900:18x86

For ISA Server 2006 with Service Pack 1 installed


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Authdflt.dll5.0.5723.511164,79224-Feb-200923:37x86
Cookieauthfilter.dll5.0.5723.511407,48024-Feb-200923:37x86
Exchange_logout_smimecap.htmNot Applicable4,95324-Feb-200923:37Not Applicable
Exchange_usr_pwd.htmNot Applicable8,60424-Feb-200923:37Not Applicable
msfpc.dll5.0.5723.511584,63224-Feb-200923:37x86
msfpccom.dll5.0.5723.5116,781,36824-Feb-200923:37x86
mspapi.dll5.0.5723.51165,97624-Feb-200923:37x86
sumgen.dll5.0.5723.511516,53624-Feb-200923:37x86
ratlib.dll5.0.5723.51152,15224-Feb-200923:37x86
msfpcsnp.dll5.0.5723.5116,099,89624-Feb-200923:37x86
mspadmin.exe5.0.5723.511385,97624-Feb-200923:37x86
msphlpr.dll5.0.5723.511508,85624-Feb-200923:37x86
smtpfltr.dll5.0.5723.511177,59224-Feb-200923:37x86
w3filter.dll5.0.5723.511944,56824-Feb-200923:37x86
wspsrv.exe5.0.5723.5111,263,03224-Feb-200923:37x86
Fweng.sys5.0.5723.511420,79224-Feb-200923:37x86
Logout_smimecap.htmNot Applicable4,60824-Feb-200923:37Not Applicable
Usr_pcode.htmNot Applicable6,89824-Feb-200923:37Not Applicable
Usr_pwd.htmNot Applicable7,31324-Feb-200923:37Not Applicable
Wploadbalancer.dll5.0.5723.511112,05624-Feb-200923:37x86

Microsoft ISA Server 2004 file information

ISA Server 2004 Enterprise Edition


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Compadmin.dll4.0.3445.909172,97612-Feb-200900:47x86
Comphp.dll4.0.3445.909195,52012-Feb-200900:47x86
fweng.sys4.0.3445.909409,39212-Feb-200900:47x86
msfpc.dll4.0.3445.909435,12012-Feb-200900:47x86
ratlib.dll4.0.3445.90941,90412-Feb-200900:47x86
msfpcsnp.dll4.0.3445.9094,985,77612-Feb-200900:47x86
msphlpr.dll4.0.3445.909467,90412-Feb-200900:47x86
w3filter.dll4.0.3445.909849,84012-Feb-200900:47x86
wspsrv.exe4.0.3445.9091,199,55212-Feb-200900:47x86
Httpfilter.dll4.0.3445.909146,36812-Feb-200900:47x86
Radiusauth.dll4.0.3445.90969,04012-Feb-200900:47x86

ISA Server 2004 Standard Edition


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Compadmin.dll4.0.2167.909164,76822-Jan-200908:33x86
Comphp.dll4.0.2167.909193,96022-Jan-200908:33x86
fweng.sys4.0.2167.909385,56822-Jan-200908:33x86
msfpc.dll4.0.2167.909377,24822-Jan-200908:33x86
sumgen.dll4.0.2167.909524,71222-Jan-200908:33x86
ratlib.dll4.0.2167.90938,31222-Jan-200908:33x86
msfpcsnp.dll4.0.2167.9093,805,60822-Jan-200908:33x86
msphlpr.dll4.0.2167.909431,01622-Jan-200908:33x86
w3filter.dll4.0.2167.909824,73622-Jan-200908:33x86
wspsrv.exe4.0.2167.9091,056,16022-Jan-200908:33x86
Httpfilter.dll4.0.2167.909144,29622-Jan-200908:33x86
Radiusauth.dll4.0.2167.90971,07222-Jan-200908:33x86

Applies To

In addition to the products that are listed in the Applies To section, the information in this article also applies to:
  • Microsoft ISA Server 2004, Enterprise Edition, Service Pack 3 (SP3)
  • Microsoft ISA Server 2004, Standard Edition, Service Pack 3 (SP3)
  • Microsoft ISA Server 2006, Enterprise Edition, Supportability Update (SU)
  • Microsoft ISA Server 2006, Standard Edition, Supportability Update (SU)

Properties

Article ID: 961759 - Last Review: May 9, 2012 - Revision: 4.0
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, when used with:
    • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
    • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Windows Small Business Server 2003 R2 Premium Edition
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB961759

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com