MS09-031: Vulnerability in Microsoft ISA Server 2006 could cause elevation of privilege

Article translations Article translations
Article ID: 970953 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS09-031. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues with this security update

  • If you install this security update after you have customized any of the following .htm files, the update does not replace the customized .htm file:

    Usr_pcode.htm
    Usr_pwd.htm
    Logout_smimecap.htm

    To avoid this issue, you must restore the original .htm file, apply the security update, and then customize the updated .htm file.

    For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    955127 After you apply hotfix 955151, ISA Server 2006 supports the Secure/MIME feature in Exchange Server 2007
    955122 The logon page does not appear correctly if you select French for the Internet Explorer language when you try to log on to an Outlook Web Access site that is published by using ISA Server 2006
    955112 The Outlook Web Access logon form does not display the "This is a private computer" option when you publish an Outlook Web Access site by using ISA Server 2006 with Service Pack 1
  • An administrator may be able to install the wrong version of this update if it was obtained from the Microsoft Download Center (DC). When this occurs, the update will indicate successful installation. However, the relevant binaries will not be updated to the updated versions. This issue may occur because of a problem in the installer detection logic that does not correctly determine the installed product revision. This issue will not occur if the computer is updated by using Microsoft Update, Automatic updates, Microsoft Windows Server Update Services (WSUS), or Microsoft Systems Management Server (SMS).
    Collapse this tableExpand this table
    ISA Server 2006 RevisionUpdate TargetInstall StateUpdate State
    RTMRTMSuccessUpdated
    SUFailureNot Updated
    SP1FailureNot Updated
    Supportability Update (SU)RTMSuccessNot Updated
    SUSuccessUpdated
    SP1FailureNot Updated
    Service Pack 1 (SP1)RTMSuccessNot Updated
    SUSuccessNot Updated
    SP1SuccessUpdated

Additional information about this security update

For more information about this security update, including file information and information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:
970811 Description of the security update for Microsoft ISA Server 2006: July 14, 2009
971143 Description of the ISA Server 2006 hotfix package: July 14, 2009

Properties

Article ID: 970953 - Last Review: May 8, 2012 - Revision: 4.0
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB970953

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com