Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[NTSEC] DoS attack in MS - Proxy 2.0

From: jasong () MICROSOFT COM (Jason Garms)
Date: Thu, 15 Oct 1998 11:23:50 -0700

Just to follow-up on some recent threads on on Microsoft Proxy Server:

On October 8 & 9, 1998, two emails were posted by mnemonix () globalnet co uk
who indicated two possible new security attacks against Microsoft Proxy
Server.

We've worked in our labs and with the assistance of Mnemonix in an attempt
to reproduce the reported security issues. There were two specific scenarios
reported and both have been researched and tested. In spite of the effort
and help from the Mnemonix we've been unable to reproduce the stated
security breaches with a properly configured Microsoft Proxy Server.

At this time, we have no reason to believe that customers have any risk
associated with the reported attack method.  None-the-less, we will continue
research with Mnemonix until we can fully explain the observed behavior
reported.

We take these kinds of reports very seriously and we'll continue to track
any new developments.

Thanks,
-JasonG

Jason Garms
Product Manager
Windows NT Security
Microsoft Corporation

JasonG () Microsoft Com
Previous By Date Next
Previous By Thread Next

Current thread: