You should consider installing SP2 as soon as possible

ISA Server SP2 can be applied to ISA Server Standard and Enterprise Editions, and includes:

• All hot fixes and security updates issued since ISA Server was released to manufacturing.

• Fixes for common issues reported by customers through Microsoft Product Support Services (PSS).

• Enhanced stability of the ISA Server services and administration tool in a number of scenarios.

• Fixes that enable ISA Server to run on Microsoft Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition.

• Fixes recommended through an audit by third-party security experts.

Download SP2 for ISA 2000 (3.9mb)

See the Readme file for SP2

Required Patches

Internet Security and Acceleration (ISA) Server with SP1 running on a Windows 2000 SP4 Server box requires the following security-related patches:

November 2004

MS04-039 : Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)

January 2004

MS04-001 : Vulnerability in H.323 Filter can Allow Remote Code Execution (816458)

July 2003

MS03-028 : Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456)

April 2003

MS03-012 : Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066)

March 2003

MS03-009 : Flaw in ISA Server DNS intrusion detection filter can cause Denial of Service (331065)

August 2002

MS02-044 : Unsafe Functions in Office Web Components (328130)

June 2002

MS02-027 : Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker’s Choice (323889)