Systems administrators shouldn't have any trouble implementing Microsoft's new fix for a content spoofing vulnerability in ISA Server 2000 and Proxy Server 2.0 -- unless they're using the German version of the patch.
German users will need to update to Windows XP Service Pack 2 before they can properly install the patch. But regardless of the language they speak, experts say a bigger concern for admins right now is the Internet Explorer IFRAME flaw that is currently being exploited by several new Mydoom variants.
"We only ran into the one snag with it with the German-language version [of the ISA Server patch]," said Jeff Graham, a product manager with St. Bernard Software Inc., a San Diego-based security and
Furor could spur off-cycle release
Microsoft issued a fix for the ISA/Server glitch last week, and the quiet month for security bulletins left some wondering if the company would release an off-cycle patch for the IFRAME vulnerability sometime before December's Patch Tuesday. Security vendors said that an off-cycle patch for it is unlikely, but not out of the question.
"I honestly think that if there is enough of a stink about it, then Microsoft probably will release [an off-cycle] patch," said Mark Loveless, senior security analyst at BindView Corp., a Houston-based company that makes security and patch management software.
Loveless said that both the IFRAME vulnerability and the ISA/Proxy Server flaw are worrisome, but not serious enough to warrant mass panic, even with exploits for the former currently in the wild. Both require end users to take steps, such as visiting a malicious Web site, to trigger them.
In the absence of an IFRAME fix from Microsoft, Loveless suggested that users be extra careful about which Web sites they visit, and consider using an alternative browser, such as Mozilla's Firefox.
"Firefox is not so much of a target because it's not embedded into the operating system as much as IE," Loveless said. "That is not to say that it is without flaws."
Early notice program draws praise
This month's security update was the first to be issued through Microsoft's new early alert program on its TechNet site. Microsoft customers can now access general information
The new early warning program is good news for admins and security vendors alike, said St. Bernard's Graham.
"That really helps everybody," he said. "It gives people who have to implement the patches a little time to budget their time."
This month's lone patch was also a welcome change from last month, when Microsoft issued a record-setting 10 security bulletins -- seven of them critical -- to fix 22 vulnerabilities.
Both Graham and Loveless said they haven't heard of any serious problems that are lingering after last month's bulletins.