Microsoft has warned users of a serious vulnerability in ISA Server 2000 and Proxy Server 2.0 products that could allow malicious hackers to execute internet content spoofing scams.
According to alert MS04-039, the flaw could be used by cyber-criminals to carry out phishing attacks to trick unwary users into disclosing passwords and sensitive financial information.
"This is a spoofing vulnerability that exists in the affected products that could enable an attacker to spoof trusted internet content," Microsoft warned.
"Users could believe they are accessing trusted internet content when in reality they are accessing malicious internet content, for example a malicious website.
"However, an attacker would first have to persuade a user to visit the attacker's site to attempt to exploit this vulnerability."
Software affected by the vulnerability includes Microsoft Proxy Server 2.0 Service Pack 1, Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2.
Microsoft Small Business Server 2000 (which includes Microsoft Internet Security and Acceleration Server 2000) and Microsoft Small Business Server 2003 Premium Edition are also affected.
As a workaround Microsoft advised users of the affected products to set the DNS cache size to zero.
"Setting the DNS cache size to zero effectively disables DNS caching on the affected system. This would prevent the affected software from using potentially spoofed data from the cache. This may have negative performance impact on DNS resolution," Microsoft said.
The software giant added that, if a customer suspects that their system has been affected by attempts to exploit this vulnerability, clearing the web proxy cache will help remove the suspected malicious content.
Full information and details of the fix are available here.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all