Security Update 2509553 breaks ISA 2006 RAS

Security Update: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

Breaks PPTP VPN access through RAS on a ISA 2006 Server

Issue indication:

  • From client side (Windows 7 x64 workstation) the error message is:

Client-VPN-error

  • From server side:
  1. There are no any errors in System or Application even logs.
  2. Log on process from local console or Remote Desktop is unresponsive and takes long time sometimes.
  3. “Task Manager” hangs up when switching to “Networking” tab sometimes.
  4. “Routing and Remote Access” MMC console does not show any available VPN ports or routing table (it seems that RRAS process not working as expected).
  5. When capturing network traffic on ISA server between VPN client and ISA, it seems that ISA server does not replay to “GRE LCP:Configure-Request” packets.
  • After server restart all is working fine:
  1. “Routing and Remote Access” MMC console shows available VPN ports and VPN clients connect normally.
  2. When capturing network traffic on ISA server between VPN client and ISA, ISA server replays to first “GRE LCP:Configure-Request” packet.
  • After some time (1-12 hours) the issue reappears again.

Issue resolution:

  • uninstall security update: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) http://support.microsoft.com/kb/2509553 (for Windows Server 2003 Service Pack 2 aggregate severity rating is “Important” not “Critical”).
  1. #1 by Mohammad Reza Lamei on July 14, 2011 - 08:57

    thanks a lot. I had this problem with VPN and ISA 2006. I just don’t know why Microsoft didn’t warn about that?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: