Blocking VML with ISA 2004 & ISA 2006
http://www.microsoft.com/technet/security/advisory/925568.mspx discusses a vulnerability in the VML parsing dll which can result in an unpleasant experience.
http://www.microsoft.com/technet/isa/2006/how-to-block-vml.mspx discusses a methodology by which you can use ISA 2004 or ISA 2006 to block HTTP-based attacks targeted against this vulnerability.
Finally, http://isatools.org/block_vml.vbs automates the process of creating the proper HTTP Filter settings for you.
Tim's report was accurate (see my comments). I've updated the script to version 1.2 and reposted it. Many thanx to Tim for his discovery.
Thank you,
Jim Harrison (ISA Sustained Engineering)
Comments
Anonymous
January 01, 2003
PingBack from http://blogs.technet.com/tristank/archive/2006/09/26/459024.aspxAnonymous
January 01, 2003
Hej på er,
Som ett avbrott i byggandet, ISA Teamet har postat i sin blog hur man gör för att skydda...Anonymous
January 01, 2003
The ISA product team blog has details and links to instructions on how to configure ISA 200x to block...Anonymous
January 01, 2003
Hello! Very interesting. Thank you.Anonymous
September 25, 2006
The comment has been removedAnonymous
September 25, 2006
UPDATE
Tim's report uncovered an odditiy in VBScript processing of the 'and' test. changing the script to a 'nested if' fixed the problem.
..I like JScript soooo much better...Anonymous
September 26, 2006
Just installed in a test environment and had one problme on ISA 2006. It broke rpc/https publishing. I had to uncheck the filters to make it work.