----------------------------------------------------------------------

TITLE:
Microsoft ISA Server Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA35784

VERIFY ADVISORY:
http://secunia.com/advisories/35784/

DESCRIPTION:
A vulnerability has been reported in Microsoft ISA Server, which can
be exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to an unspecified error when
authenticating requests using the HTTP-Basic method, which can be
exploited to access a web published resource.

Successful exploitation requires knowledge of a valid administrative
user name and that the ISA server is configured for Radius One Time
Password (OTP) authentication and authentication delegation with
Kerberos Constrained Delegation.

NOTE: This can further be exploited to completely compromise a system
relying on the ISA Server 2006 Web publishing rules for
authentication.

SOLUTION:
Apply patches.

Microsoft Internet Security and Acceleration Server 2006:
http://www.microsoft.com/downloads/details.aspx?familyid=c4e9b1dd-526d-407b-bc23-ebc2738b1b19

Microsoft Internet Security and Acceleration Server 2006
Supportability Update:
http://www.microsoft.com/downloads/details.aspx?familyid=e8ccd770-a925-411c-b994-78e4cf5c3476

Microsoft Internet Security and Acceleration Server 2006 Service Pack
1:
http://www.microsoft.com/downloads/details.aspx?familyid=e536cfed-c1af-4868-b2ac-79178d6355a5

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
MS09-031 (KB970811, KB971143):
http://www.microsoft.com/technet/security/Bulletin/MS09-031.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------