Skip to content

Critical Update for Microsoft Firewall

Attackers can get system level access
by George Milner

Microsoft has released a patch for its firewall product, Internet Security and Acceleration (ISA) Server 2000. The vulnerability affects the ISA Server's H.323 filter used to allow multimedia over networks. Attackers can exploit this flaw to gain system level access. Because Microsoft enabled the H.323 filter by default, most users are at high risk for this form of attack.

A patch is available and should be applied as soon as possible. If immediate installation is delayed, Microsoft has suggested disabling the H.323 filter.

To disable the H.323 filter:

  • Open ISA management tool.
  • Expand the Extensions container
  • Expand the Application Filters container
  • Select the H.323 Filter and then click "Disable"
  • Restart the Microsoft Firewall Service Windows Components.


  • The problem with this solution is that it will also block multimedia traffic so the best solution will be to apply the patch.

    FOR MORE INFORMATION:

    VoIP vulnerability could leave networks exposed
    Microsoft security bulletin MS04-001
    Microsoft security bulletin MS04-002
    Microsoft security bulletin MS04-003


    First published on BankersOnline.com 01/15/04

    First published on 01/15/2004

    Filed under: 
    Filed under technology as: 

    Banker Store View All

    From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

    Banker Store

    hot right now

    image description

    Looking for effective, convenient training on a particular subject?

    BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

    Search Topics