Tuesday, September 2, 2008

ISA & TMG NAT Behavior and MS08-037

The Microsoft Security Response Center (MSRC) issued bulletin MS08-037 to address vulnerabilities in DNS resolvers caused by predictable UDP source port usage.

Problem:
After you install security update 953230 (MS08-037) on a Microsoft Windows-based computer, Domain Name System (DNS) queries that are sent from the computer across a firewall do not use random source ports.

MSKB 956190 addresses behavior observed when traffic crosses a NAT-based firewall and provides workarounds to mitigate this behavior.
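To check whether a firewall is affected, compare the UDP source ports of DNS queries captured on the internal and external side of the NAT device. The script below is an added example, not code from Microsoft or from this post; the port lists are constructed sample data and the two thresholds are assumptions chosen for illustration.

```python
from statistics import pstdev

# Assumed thresholds for this illustration, not values from MS08-037 or KB 956190.
SMALL_STEP = 16          # consecutive ports this close together look like a counter
SEQUENTIAL_RATIO = 0.8   # share of small steps that marks a sample as predictable

def assess_source_ports(ports):
    """Summarise how predictable a sequence of observed UDP source ports is."""
    if len(ports) < 5:
        raise ValueError("need at least 5 observed queries to judge")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if abs(d) <= SMALL_STEP)
    ratio = small / len(deltas)
    return {
        "samples": len(ports),
        "distinct": len(set(ports)),
        "span": max(ports) - min(ports),
        "stdev": round(pstdev(ports), 1),
        "small_step_ratio": round(ratio, 2),
        "predictable": ratio >= SEQUENTIAL_RATIO,
    }

# Constructed sample data: source ports of DNS queries from one patched resolver,
# listed in capture order on each side of the NAT firewall (not a real capture).
INSIDE_PORTS = [53211, 49877, 61034, 50562, 64410, 57803, 52119, 60288, 55476, 63001]
OUTSIDE_PORTS = [2048, 2049, 2050, 2051, 2053, 2054, 2055, 2056, 2058, 2059]

def nat_derandomizes(inside, outside):
    """True when ports are random before the firewall but predictable after it."""
    return (not assess_source_ports(inside)["predictable"]
            and assess_source_ports(outside)["predictable"])

if __name__ == "__main__":
    for label, ports in (("inside", INSIDE_PORTS), ("outside", OUTSIDE_PORTS)):
        print(label, assess_source_ports(ports))
    print("NAT removes randomization:", nat_derandomizes(INSIDE_PORTS, OUTSIDE_PORTS))
```

Feed it the source ports in capture order; a high `small_step_ratio` on the external side while the internal side stays low means the NAT translation, not the resolver, is assigning the predictable ports.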

Regards,
Jesper