Exchange 2000 Gets DoS Patch

 
 
By Dennis Fisher  |  Posted 2002-05-29 Print this article Print
 
 
 
 
 
 
 

Microsoft releases a patch for a new denial-of-service vulnerability in Exchange 2000.

Microsoft Corp. on Wednesday released a patch for a new denial-of-service vulnerability in Exchange 2000. The problem lies in the way the server handles malformed SMTP mail messages. When it receives such a message, Exchanges Store service uses all of the available CPU cycles in trying to process the message. There is no way for an attacker to view or delete data on the vulnerable server.
To exploit the vulnerability, an attacker would have to create a raw SMTP message with the specially malformed attribute. He would then have to pass it directly to the Exchange server.
Its not possible to create such a message in Outlook or Outlook Express, Microsoft said. Once the server begins processing the message, there is no way to stop it from doing so, including a reboot, Microsoft said in its advisory. However, the denial-of-service effect would end as soon as the server finishes processing the message. The patch for this vulnerability is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38951.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel