ISA SP2 closes few security holes: buffer overflow during redirect from denied resource, basic credentials may be sent over an External HTTP connection when SSL is required for published server, FTP bounce attack, handles leak in message screener, etc.
