<<04-001 Security Bulletin for ISA Server >>

816458 - MS04-001: A vulnerability in an Internet Security and
Acceleration Server 2000 H.323 filter could allow remote code execution:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458

Again, not found by merely Windows Updating a box


04-002 is just Exchange 2003
--
http://www.sbslinks.com/really.htm

Mariette
Tue Jan 13 13:16:04 CST 2004

In news:OkQa0Pg2DHA.1924@TK2MSFTNGP10.phx.gbl,
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@pacbell.net> wrote:

> 816458 - MS04-001: A vulnerability in an Internet Security and
> Acceleration Server 2000 H.323 filter could allow remote code
> execution:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458

The H.323 is disabled by default on any ISA installation and definetly on
SBS 2000 and 2003. Not much to worry about.

--
Mariëtte Knap - MVP
http://www.smallbizserver.net

SuperGumby
Tue Jan 13 14:31:03 CST 2004

from
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-001.asp

technical details
blah, blah,blah
The H.323 filter is enabled by default on servers running ISA Server 2000
computers that are installed in integrated or firewall mode.

"Mariette Knap [SBS MVP]" <mariette@smallbizserver.local> wrote in message
news:uqP%23kmg2DHA.2160@TK2MSFTNGP12.phx.gbl...
> In news:OkQa0Pg2DHA.1924@TK2MSFTNGP10.phx.gbl,
> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@pacbell.net>
wrote:
>
> > 816458 - MS04-001: A vulnerability in an Internet Security and
> > Acceleration Server 2000 H.323 filter could allow remote code
> > execution:
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458
>
> The H.323 is disabled by default on any ISA installation and definetly on
> SBS 2000 and 2003. Not much to worry about.
>
> --
> Mariëtte Knap - MVP
> http://www.smallbizserver.net
>
>

Mariette
Tue Jan 13 15:37:09 CST 2004

In news:OE3iARh2DHA.2544@TK2MSFTNGP10.phx.gbl,
SuperGumby <not@your.nellie> wrote:

> from
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-001.asp
>
> technical details
> blah, blah,blah
> The H.323 filter is enabled by default on servers running ISA Server
> 2000 computers that are installed in integrated or firewall mode.

Well, not on mine...???
--
Mariëtte Knap - MVP
http://www.smallbizserver.net

Frank
Tue Jan 13 17:46:19 CST 2004

Hmm...

Susan beat me again here in the newsgroup...

And seems to be a flaw in the H323 protocol itself and not just limited to
Microsoft.

http://www.computerworld.com/newsletter/0,4902,89041,00.html?nlid=PM

This could be a big thing for awhile. Talking about problems with routers,
internet routers,
devices that support NAT and H.323 pass through. Look at this one carefully.

Frank Clark

On 13-Jan-2004, "Mariette Knap [SBS MVP]" <mariette@smallbizserver.local>,
spat forth
18 lines on "Re: <<04-001 Security Bulletin for ISA Server >> ":

> n news:OE3iARh2DHA.2544@TK2MSFTNGP10.phx.gbl,
> SuperGumby <not@your.nellie> wrote:
>
> > from
> >
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-001.asp
> >
> > technical details
> > blah, blah,blah
> > The H.323 filter is enabled by default on servers running ISA Server
> > 2000 computers that are installed in integrated or firewall mode.
>
> Well, not on mine...???
> --
> Mariëtte Knap - MVP
> http://www.smallbizserver.net

Charlie
Tue Jan 13 18:07:40 CST 2004

Mariette is correct that on SBS 2003 Premium installations, we have disabled
the H.323 filter when installing ISA from the Premium Technologies CD. The
reason for this is that our research found H.323 used rarely in small
businesses, and we felt it better to turn off this functionality than to
have a non-used service running by default.

Thanks.

--
Charlie Anthe
Microsoft Small Business Server Team

This posting is provided "AS IS" with no warranties, and confers no rights.

"Mariette Knap [SBS MVP]" <mariette@smallbizserver.local> wrote in message
news:uCxCa1h2DHA.3468@TK2MSFTNGP11.phx.gbl...
> In news:OE3iARh2DHA.2544@TK2MSFTNGP10.phx.gbl,
> SuperGumby <not@your.nellie> wrote:
>
> > from
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-001.asp
> >
> > technical details
> > blah, blah,blah
> > The H.323 filter is enabled by default on servers running ISA Server
> > 2000 computers that are installed in integrated or firewall mode.
>
> Well, not on mine...???
> --
> Mariëtte Knap - MVP
> http://www.smallbizserver.net
>
>

Susan
Tue Jan 13 20:18:03 CST 2004

Patch anyway is my motto. It's easy enough to patch and that way
there's no question whatsoever and the threat vector is gone in case we
ever do turn it on.

Susan

Mariette Knap [SBS MVP] wrote:
> In news:OkQa0Pg2DHA.1924@TK2MSFTNGP10.phx.gbl,
> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@pacbell.net> wrote:
>
>
>>816458 - MS04-001: A vulnerability in an Internet Security and
>>Acceleration Server 2000 H.323 filter could allow remote code
>>execution:
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458
>
>
> The H.323 is disabled by default on any ISA installation and definetly on
> SBS 2000 and 2003. Not much to worry about.
>

--
http://www.sbslinks.com/really.htm

John
Tue Jan 13 20:28:38 CST 2004

Did I miss something? I thought ISA was only included in the Premium
Edition but the Knowledge Base article at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458 indicates
this affects SBS Standard Edition with no mention of the Premium Edition.

For kicks I ran the update on my SBS Standard box and was told ISA is not
installed on this machine.

---
John A. Wolf
jawlaw@hotmail.com

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:OkQa0Pg2DHA.1924@TK2MSFTNGP10.phx.gbl...
> 816458 - MS04-001: A vulnerability in an Internet Security and
> Acceleration Server 2000 H.323 filter could allow remote code execution:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458
>
> Again, not found by merely Windows Updating a box
>
>
> 04-002 is just Exchange 2003
> --
> http://www.sbslinks.com/really.htm
>

Susan
Tue Jan 13 20:50:22 CST 2004

Good catch. Nope only Premium has ISA. I pinged a guy in the Security
section to update this.

John A. Wolf wrote:
> Did I miss something? I thought ISA was only included in the Premium
> Edition but the Knowledge Base article at
> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458 indicates
> this affects SBS Standard Edition with no mention of the Premium Edition.
>
> For kicks I ran the update on my SBS Standard box and was told ISA is not
> installed on this machine.
>
> ---
> John A. Wolf
> jawlaw@hotmail.com
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> wrote in message news:OkQa0Pg2DHA.1924@TK2MSFTNGP10.phx.gbl...
>
>>816458 - MS04-001: A vulnerability in an Internet Security and
>>Acceleration Server 2000 H.323 filter could allow remote code execution:
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458
>>
>>Again, not found by merely Windows Updating a box
>>
>>
>>04-002 is just Exchange 2003
>>--
>>http://www.sbslinks.com/really.htm
>>
>
>
>

--
http://www.sbslinks.com/really.htm

John
Tue Jan 13 21:57:38 CST 2004

Thanks Susan. I knew I could count on you.

---
John A. Wolf
jawlaw@hotmail.com

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
wrote in message news:%23310nkk2DHA.2572@TK2MSFTNGP12.phx.gbl...
> Good catch. Nope only Premium has ISA. I pinged a guy in the Security
> section to update this.
>
> John A. Wolf wrote:
>> Did I miss something? I thought ISA was only included in the Premium
>> Edition but the Knowledge Base article at
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458 indicates
>> this affects SBS Standard Edition with no mention of the Premium Edition.
>>
>> For kicks I ran the update on my SBS Standard box and was told ISA is not
>> installed on this machine.
>>
>> ---
>> John A. Wolf
>> jawlaw@hotmail.com
>>
>> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
>> wrote in message news:OkQa0Pg2DHA.1924@TK2MSFTNGP10.phx.gbl...
>>
>>>816458 - MS04-001: A vulnerability in an Internet Security and
>>>Acceleration Server 2000 H.323 filter could allow remote code execution:
>>>http://support.microsoft.com/default.aspx?scid=kb;en-us;Q816458
>>>
>>>Again, not found by merely Windows Updating a box
>>>
>>>
>>>04-002 is just Exchange 2003
>>>--
>>>http://www.sbslinks.com/really.htm
>>>
>>
>>
>>
>
> --
> http://www.sbslinks.com/really.htm
>

SuperGumby
Tue Jan 13 23:45:48 CST 2004

that being the key. it is enabled in SBS2000 and disabled in SBS2003, it
seems.

"Charlie Anthe [MSFT]" <canthe@online.microsoft.com> wrote in message
news:Oi$axJj2DHA.308@TK2MSFTNGP11.phx.gbl...
> Mariette is correct that on SBS 2003 Premium installations, we have
disabled
> the H.323 filter when installing ISA from the Premium Technologies CD. The
> reason for this is that our research found H.323 used rarely in small
> businesses, and we felt it better to turn off this functionality than to
> have a non-used service running by default.
>
> Thanks.
>
> --
> Charlie Anthe
> Microsoft Small Business Server Team
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Mariette Knap [SBS MVP]" <mariette@smallbizserver.local> wrote in message
> news:uCxCa1h2DHA.3468@TK2MSFTNGP11.phx.gbl...
> > In news:OE3iARh2DHA.2544@TK2MSFTNGP10.phx.gbl,
> > SuperGumby <not@your.nellie> wrote:
> >
> > > from
> > >
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-001.asp
> > >
> > > technical details
> > > blah, blah,blah
> > > The H.323 filter is enabled by default on servers running ISA Server
> > > 2000 computers that are installed in integrated or firewall mode.
> >
> > Well, not on mine...???
> > --
> > Mariëtte Knap - MVP
> > http://www.smallbizserver.net
> >
> >
>
>