Article ID: 968078 - Last Review: April 14, 2009 - Revision: 1.1

MS09-016: Description of the ISA Server 2006 hotfix package: April 14, 2009

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

INTRODUCTION

Microsoft has released security bulletin MS09-016. To view the complete security bulletin, visit one of the following Microsoft Web sites:
Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:
http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)
North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:
http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)
For enterprise customers, support for security updates is available through your usual support contacts.
Back to the top

MORE INFORMATION

This security update fixes the following issues:
  • 958951  (http://support.microsoft.com/kb/958951/ ) ISA Server stops accepting new requests after you configure Web publishing, Web proxy, or Automatic discovery
  • 968077  (http://support.microsoft.com/kb/968077/ ) A cross-site scripting vulnerability in ISA Server 2006 allows for redirection to malicious sites
For more information about this vulnerability, click the following MSRC article for MS09-016:
http://support.microsoft.com/kb/961759 (http://support.microsoft.com/kb/961759)
Back to the top

FILE INFORMATION

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For the original version of ISA Server 2006
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Authdflt.dll5.0.5720.172157,11203-Mar-200901:36x86
Comphp.dll5.0.5720.172180,66403-Mar-200901:36x86
Complp.dll5.0.5720.17272,12003-Mar-200901:36x86
Cookieauthfilter.dll5.0.5720.172394,68003-Mar-200901:36x86
Diffserv.dll5.0.5720.172106,93603-Mar-200901:36x86
msfpc.dll5.0.5720.172550,32803-Mar-200901:36x86
msfpccom.dll5.0.5720.1726,410,16803-Mar-200901:36x86
msfpcui.dll5.0.5720.1722,810,29603-Mar-200901:36x86
ratlib.dll5.0.5720.17251,12803-Mar-200901:36x86
msfpcsnp.dll5.0.5720.1725,857,20803-Mar-200901:36x86
socksflt.dll5.0.5720.172107,96003-Mar-200901:36x86
w3filter.dll5.0.5720.172892,85603-Mar-200901:36x86
w3prefch.exe5.0.5720.172172,47203-Mar-200901:36x86
wspsrv.exe5.0.5720.1721,212,34403-Mar-200901:36x86
Fweng.sys5.0.5720.172407,48003-Mar-200901:36x86
Httpfilter.dll5.0.5720.172155,57603-Mar-200901:36x86
Linktranslation.dll5.0.5720.172248,24803-Mar-200901:36x86
Wploadbalancer.dll5.0.5720.172108,98403-Mar-200901:36x86
For ISA Server 2006 with the Supportability Update installed
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Authdflt.dll5.0.5721.261162,74427-Feb-200900:18x86
Comphp.dll5.0.5721.261182,20027-Feb-200900:18x86
Complp.dll5.0.5721.26173,14427-Feb-200900:18x86
Cookieauthfilter.dll5.0.5721.261401,33627-Feb-200900:18x86
Diffserv.dll5.0.5721.261107,96027-Feb-200900:18x86
msfpc.dll5.0.5721.261568,24827-Feb-200900:18x86
msfpccom.dll5.0.5721.2616,420,92027-Feb-200900:18x86
sumgen.dll5.0.5721.261515,51227-Feb-200900:18x86
ratlib.dll5.0.5721.26151,64027-Feb-200900:18x86
msfpcsnp.dll5.0.5721.2615,950,39227-Feb-200900:18x86
mspadmin.exe5.0.5721.261382,39227-Feb-200900:18x86
msphlpr.dll5.0.5721.261501,17627-Feb-200900:18x86
rpcfltr.dll5.0.5721.261158,13627-Feb-200900:18x86
w3filter.dll5.0.5721.261916,92027-Feb-200900:18x86
w3prefch.exe5.0.5721.261174,00827-Feb-200900:18x86
wspsrv.exe5.0.5721.2611,223,60827-Feb-200900:18x86
Fweng.sys5.0.5721.261420,53627-Feb-200900:18x86
Httpfilter.dll5.0.5721.261157,11227-Feb-200900:18x86
Ldapfilter.dll5.0.5721.261113,59227-Feb-200900:18x86
Linktranslation.dll5.0.5721.261249,78427-Feb-200900:18x86
Radiusauth.dll5.0.5721.26185,43227-Feb-200900:18x86
Usr_pcode.htmNot Applicable6,89827-Feb-200900:18Not Applicable
Wploadbalancer.dll5.0.5721.261111,54427-Feb-200900:18x86
For ISA Server 2006 with Service Pack 1 installed
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Authdflt.dll5.0.5723.511164,79224-Feb-200923:37x86
Cookieauthfilter.dll5.0.5723.511407,48024-Feb-200923:37x86
Exchange_logout_smimecap.htmNot Applicable4,95324-Feb-200923:37Not Applicable
Exchange_usr_pwd.htmNot Applicable8,60424-Feb-200923:37Not Applicable
msfpc.dll5.0.5723.511584,63224-Feb-200923:37x86
msfpccom.dll5.0.5723.5116,781,36824-Feb-200923:37x86
mspapi.dll5.0.5723.51165,97624-Feb-200923:37x86
sumgen.dll5.0.5723.511516,53624-Feb-200923:37x86
ratlib.dll5.0.5723.51152,15224-Feb-200923:37x86
msfpcsnp.dll5.0.5723.5116,099,89624-Feb-200923:37x86
mspadmin.exe5.0.5723.511385,97624-Feb-200923:37x86
msphlpr.dll5.0.5723.511508,85624-Feb-200923:37x86
smtpfltr.dll5.0.5723.511177,59224-Feb-200923:37x86
w3filter.dll5.0.5723.511944,56824-Feb-200923:37x86
wspsrv.exe5.0.5723.5111,263,03224-Feb-200923:37x86
Fweng.sys5.0.5723.511420,79224-Feb-200923:37x86
Logout_smimecap.htmNot Applicable4,60824-Feb-200923:37Not Applicable
Usr_pcode.htmNot Applicable6,89824-Feb-200923:37Not Applicable
Usr_pwd.htmNot Applicable7,31324-Feb-200923:37Not Applicable
Wploadbalancer.dll5.0.5723.511112,05624-Feb-200923:37x86

Installation information

Because three separate packages are supplied according to the minor release level, you must apply the appropriate package by following these instructions:
  • If the release level of your installation is between the original release ISA Server 2006 and the supportability update, you must apply the ISA2006-RTM-KB968078-X86-<Lang>.msp package.
  • If the release level of your installation is between the Supportability Update and Service Pack 1, you must apply the ISA2006-SUPP-KB968078-X86-<Lang>.msp package.

    For more information about the Supportability Update, click the following article number to view the article in the Microsoft Knowledge Base:
    939455  (http://support.microsoft.com/kb/939455/ ) Description of the Internet Security and Acceleration (ISA) Server 2006 Supportability Update package
  • If the release level of your installation is Service Pack 1 or a later version, you must apply the ISA2006-SP1-KB968078-X86-<Lang>.msp package.

Restart requirement

You must restart the computer after you apply this hotfix.
Back to the top

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684  (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates
Back to the top
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Back to the top
Keywords: 
kbsecvulnerability kbsecbulletin kbsecurity kbexpertiseinter kbsurveynew KB968078
Back to the top