Blocking VML with ISA 2004 & ISA 2006

http://www.microsoft.com/technet/security/advisory/925568.mspx discusses a vulnerability in the VML parsing DLL which can result in an unpleasant experience.

http://www.microsoft.com/technet/isa/2006/how-to-block-vml.mspx discusses a methodology by which you can use ISA 2004 or ISA 2006 to block HTTP-based attacks targeted against this vulnerability.

Finally, http://isatools.org/block_vml.vbs automates the process of creating the proper HTTP Filter settings for you.

Tim's report was accurate (see my comments). I've updated the script to version 1.2 and reposted it. Many thanks to Tim for his discovery.

Thank you,

Jim Harrison (ISA Sustained Engineering)

Comments

  • Anonymous
    January 01, 2003
    PingBack from http://blogs.technet.com/tristank/archive/2006/09/26/459024.aspx

  • Anonymous
    January 01, 2003
    Hi everyone,
    As a break from the building work, the ISA team has posted on its blog how to protect...

  • Anonymous
    January 01, 2003
    The ISA product team blog has details and links to instructions on how to configure ISA 200x to block...

  • Anonymous
    January 01, 2003
    Hello! Very interesting. Thank you.

  • Anonymous
    September 25, 2006
    The comment has been removed

  • Anonymous
    September 25, 2006
    UPDATE

    Tim's report uncovered an oddity in VBScript processing of the 'and' test. Changing the script to a 'nested if' fixed the problem.

    ..I like JScript soooo much better...

  • Anonymous
    September 26, 2006
    Just installed in a test environment and had one problem on ISA 2006. It broke rpc/https publishing. I had to uncheck the filters to make it work.