Microsoft flaw leaves PCs open to phishing

Microsoft has warned users of a serious vulnerability in ISA Server 2000 and Proxy Server 2.0 products that could allow malicious hackers to execute internet content spoofing scams.

According to alert MS04-039, the flaw could be used by cyber-criminals to carry out phishing attacks to trick unwary users into disclosing passwords and sensitive financial information.

"This is a spoofing vulnerability that exists in the affected products that could enable an attacker to spoof trusted internet content," Microsoft warned.

"Users could believe they are accessing trusted internet content when in reality they are accessing malicious internet content, for example a malicious website.

"However, an attacker would first have to persuade a user to visit the attacker's site to attempt to exploit this vulnerability."

Software affected by the vulnerability includes Microsoft Proxy Server 2.0 Service Pack 1, Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2.

Microsoft Small Business Server 2000 (which includes Microsoft Internet Security and Acceleration Server 2000) and Microsoft Small Business Server 2003 Premium Edition are also affected.

As a workaround Microsoft advised users of the affected products to set the DNS cache size to zero.

"Setting the DNS cache size to zero effectively disables DNS caching on the affected system. This would prevent the affected software from using potentially spoofed data from the cache. This may have negative performance impact on DNS resolution," Microsoft said.

The software giant added that, if a customer suspects that their system has been affected by attempts to exploit this vulnerability, clearing the web proxy cache will help remove the suspected malicious content.

Full information and details of the fix are available here.