More Information on the Office Web Components Issue

I mentioned yesterday that an advisory was released regarding a security issue with the Office Web Components that are installed on the ISA firewall during firewall software installation. The Office Web Components are used to help render firewall-generated reports.

A couple of pieces of good news have been released by the ISA firewall team:

  • Generating reports does not expose the firewall to any exploits of the OWC code
  • OWCs are used to generate the charts and graphs in the reports, so they are not called when you use the browser on the firewall to view the reports

The second observation is significant. I’ve made it a point to remind ISA firewall admins that they shouldn’t use the firewall as a workstation, which means not using the browser on the firewall. However, it can be argued that it’s reasonable to use the browser to view the firewall activity reports. That’s a good observation and I agree, so it’s good to hear that using the browser to view the reports doesn’t expose the firewall to any OWC-related exploits.

So the same observation stands – do not use the firewall as a workstation and don’t use the firewall’s browser to “surf the Web”. Use your management station for that.

For more information on this issue, check out the ISA/TMG Firewall Team blog over at:

https://blogs.technet.com/isablog/archive/2009/07/...g.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
