17 Apr 2001
Microsoft's first crack at the security market, its Internet Security and Acceleration (ISA) firewall, has been dealt a major blow only weeks after its release as security experts warned that the product is vulnerable to denial of service (DoS) attacks.
An advisory released by security firm SecureXpert Labs today revealed that Microsoft's ISA Server 1.0 running on a Windows 2000 platform with Service Pack 1 is vulnerable.
As a result, the firewall "is vulnerable to a simple network-based attack, which stops all incoming and outgoing web traffic from passing through the firewall until the firewall is rebooted or the affected service is restarted", said the advisory.
SecureXpert said that if the firewall is configured to use the 'Web Publishing' feature then the attack could be carried out remotely.
This feature is often used to publish web server content externally from inside the network and is more than likely to be enabled. SecureXpert said that sending a long path name or URL to the web proxy will force it to terminate due to an access violation error. Essentially, this means that the ISA server is vulnerable to a DoS attack.
However, Microsoft has been quick to point out that the flaw cannot be exploited further, so a hacker could not use it to take control of the server. The software giant has released a hotfix for the problem and will include the patch in the first ISA service pack.
The Microsoft advisory and security fix are available here.