Microsoft yesterday released a patch aimed at protecting its ISA (Internet Security and Acceleration Server 2000), an enterprise-level firewall and Web cache server, and Proxy Server 2.0, which serves as an Internet gateway for networked computers.
The affected software includes Microsoft Proxy Server 2.0 Service Pack 1, Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2, Microsoft Small Business Server 2000, and Microsoft Small Business Server 2003 Premium Edition.
According to the company’s technical bulletin, the vulnerability could cause users to unintentionally access a malicious Web site. Microsoft ranked the flaw as “important,” which is its second highest ranking. Internet security experts warned that it could also allow attackers to gather sensitive information.
Spoofing is a technique used by hackers to gain unauthorized access to computers by sending messages that appear to come from a trusted URL.
Art Manion, an Internet Security Analyst with the CERTR Coordination Center at Carnegie Mellon University, says “It looks official, but it’s really ‘spoofing’ the real Web site.” CERT/CC is a major reporting center for Internet security problems.
Manion says the latest Microsoft patch is an important one. “The ISA Server sits between a network and the Internet. Without this new patch, a user might type in a legitimate URL that the attacker could misdirect to a malicious Web site.”
Likely to Continue
Those sites ask for passwords, account information, and in general, try to copy a real site in order to gain access to personal information from users.
It’s a major problem that’s likely to continue for a while, Manion warns, and it’s one that’s not easy to fix, since developers have to proceed with caution.
“It’s important to respond carefully and get it right the first time, so that you don’t have to fix the fix. And that requires a lot of effort. Our work at CERT/CC concentrates on trying to correct problems at the source, so that eventually we’ll end up with better software.”
In the meantime, he urges users to protect themselves by keeping software updated, regularly checking vendors’ Web sites for patches, dedicating necessary resources to maintaining security, and considering the security implications of any new rollout.
For now, Manion says, “This is the state of the world.”