Problem: A security vulnerability has been discovered in Winfrasoft X-Forwarded-For for ISA Server which could result in a denial of service. A successful attack could leave the ISA Server Firewall service in a stopped state, preventing ISA Server from serving traffic. The attack does not result in unauthorised access or compromise.
Affected versions: All versions of Winfrasoft X-Forwarded-For for ISA Server up to and including 2.0.4. This also includes earlier version 1.x builds.
Mitigation: The risk of attack is greatest where ISA Server is being used as a reverse proxy, as inbound access from the Internet is allowed. If ISA Server is being used as a forward proxy server, then the attack could only be launched from the internal network, which poses a much lower risk. The only method of mitigating the issue without upgrading to the new version is to disable or uninstall X-Forwarded-For for ISA Server.
Resolution: An updated version of Winfrasoft X-Forwarded-For for ISA Server has been released which corrects the issue. The security fix is included in all builds from, and including, version 2.0.6.
More information: Winfrasoft was privately notified about the issue, and under "responsible disclosure guidelines" we shall not be detailing exact attack methodology. The attack has been publicly exploited in the wild, although it is not known whether this was specifically an attack targeted against Winfrasoft X-Forwarded-For for ISA Server.