Home page logo

bugtraq logo Bugtraq mailing list archives

[NTSEC] DoS attack in MS - Proxy 2.0
From: jasong () MICROSOFT COM (Jason Garms)
Date: Thu, 15 Oct 1998 11:23:50 -0700

Just to follow-up on some recent threads on on Microsoft Proxy Server:

On October 8 & 9, 1998, two emails were posted by mnemonix () globalnet co uk
who indicated two possible new security attacks against Microsoft Proxy

We've worked in our labs and with the assistance of Mnemonix in an attempt
to reproduce the reported security issues. There were two specific scenarios
reported and both have been researched and tested. In spite of the effort
and help from the Mnemonix we've been unable to reproduce the stated
security breaches with a properly configured Microsoft Proxy Server.

At this time, we have no reason to believe that customers have any risk
associated with the reported attack method.  None-the-less, we will continue
research with Mnemonix until we can fully explain the observed behavior

We take these kinds of reports very seriously and we'll continue to track
any new developments.


Jason Garms
Product Manager
Windows NT Security
Microsoft Corporation

JasonG () Microsoft Com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]