MS04-039: Vulnerability in ISA Server 2000 and Proxy Server 2.0 could allow Internet content spoofing

This article has been archived. It is offered "as is" and will no longer be updated.
SUMMARY
Microsoft has released security bulletin MS04-039. This security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: If you set the DNS cache size to zero, you effectively disable DNS caching on the affected system. This setting would prevent the affected software from using potentially spoofed data from the cache. The setting may have a negative performance effect on DNS resolution. Apply this setting only on systems that cannot apply the security update as a short-term workaround.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
889189 How to work around the ISA Server 2000 and Proxy Server 2.0 DNS cache spoofing vulnerability described in Microsoft Security Bulletin MS04-039

Known issues

For additional information about known issues that may occur when you install this security update, click the following article number to view the article in the Microsoft Knowledge Base:
890097 Multiple failures after you install Microsoft Security Update MS04-039

update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted remote code execution jpeg images graphics pictures gdiplus.dll
Properties

Article ID: 888258 - Last Review: 01/16/2015 01:37:25 - Revision: 3.3

  • Microsoft Internet Security and Acceleration Server 2000 Service Pack 2
  • Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Small Business Server 2000 Standard Edition
  • Microsoft Proxy Server 2.0 Standard Edition
  • kbnosurvey kbarchive kbqfe kbfix kbbug kbsecvulnerability kbsecurity kbsecbulletin kbhotfixserver KB888258
Feedback