Exchange 2000 Gets DoS Patch | eWeek

Exchange 2000 Gets DoS Patch

Verfasst von
Dennis Fisher
Dennis Fisher
May 29, 2002
1 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Microsoft Corp. on Wednesday released a patch for a new denial-of-service vulnerability in Exchange 2000.

The problem lies in the way the server handles malformed SMTP mail messages. When it receives such a message, Exchanges Store service uses all of the available CPU cycles in trying to process the message.

There is no way for an attacker to view or delete data on the vulnerable server.

To exploit the vulnerability, an attacker would have to create a raw SMTP message with the specially malformed attribute. He would then have to pass it directly to the Exchange server.

Its not possible to create such a message in Outlook or Outlook Express, Microsoft said.

Once the server begins processing the message, there is no way to stop it from doing so, including a reboot, Microsoft said in its advisory.

However, the denial-of-service effect would end as soon as the server finishes processing the message.

The patch for this vulnerability is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38951.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.