ISA Server 2000 - Vulnerability in H.323 Filter Can Cause Remote Code Execution (816458) for Windows

A critical security vulnerability exists in the H.323 filter for Microsoft ISA Server 2000 that could allow an attacker to overflow a buffer on the Microsoft Firewall Service in Microsoft ISA Server 2000. The vulnerability results because the H.323 filter for the Microsoft Firewall Service does not perform proper boundary checks on specially formatted H.323 packets.

An attacker who successfully exploited this vulnerably could attempt to run code of their choosing in the security context of the Microsoft Firewall Service, giving the attacker complete control over the system. ISA Servers running in cache mode are not vulnerable because the Microsoft Firewall Service is disabled by default. However, since the H.323 filter is enabled by default on systems installed in Integrated or Firewall mode, installing this security update is highly recommended. This version is the first release on CNET Download.com.