When an incoming Web request is made to a computer that is running Internet Security and Acceleration (ISA) Server and is publishing a Web page by using Web Publishing, the Web Proxy service may stop and an access violation may occur.
This problem can occur if you use Web Publishing to bridge incoming Hypertext Transfer Protocol (HTTP) traffic to a Web server behind ISA Server; a malformed URL request might cause the Web Proxy service to stop and an access violation might occur. This problem occurs because of a heap corruption, not a buffer overrun, and does not compromise access to ISA Server from the Internet in any way. The Web Proxy service, Web proxy clients, and sites that are made available by Web Publishing are affected by this problem. If you do not have listeners configured under Incoming Web Requests (these listeners are not configured by default), this problem does not affect ISA Server in any way.
This supported fix is now available, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next ISA Server service pack that contains this fix.