Today, Philipp Sand, from Forefront ISA/TMG team published a blog post about a specific case where the ISA firewall process (wspsrv.exe) leaks memory if installed a Windows optional update and you use ISA connection verifier to check connectivity against web servers that uses Windows Integrated authentication.
If your ISA firewall is running under a heavy load environment, then the recommendation is to not install KB971737. Otherwise, ISA firewall will behave as described in his post.
Keep in mind that is always recommended and best practice to test an update into a test lab before release it to production servers, even though, the update it is not intended to ISA firewall itself. Remember ISA takes advantages of Windows resources for most of it’s tasks.
Update: Changed the name of the blog post author, according to Yuri’s comment.