Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-016.
Impact
Exploitation could allow remote users to cause a web listener to stop responding to new requests and to conduct cross-site attacks.
Impact Level: System/Network.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
Insight
- Pop error in the firewall engine when handling the session state for Web proxy or Web publishing listeners.
- An input validation error in the HTML forms authentication component (cookieauth.dll).
Affected
Microsoft Internet Security and Acceleration Server 2004 (Ent and Std).
Microsoft Internet Security and Acceleration Server 2006 and 2006 with SP1.
Microsoft Internet Security and Acceleration Server 2006 with Update
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-0077, CVE-2009-0237
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2778344)
- Microsoft Office Web Apps Remote Code Execution vulnerability (2904244)
- Microsoft Kerberos Denial of Service Vulnerability (977290)
- Microsoft Windows Message Queuing Privilege Escalation Vulnerability (971032)
- Microsoft ASP.NET Information Disclosure Vulnerability (2418042)