TITLE: Microsoft Exchange / Windows SMTP Service Two Vulnerabilities Moderately critical Impact: Exposure of sensitive information, DoS Where: From remote VERIFY ADVISORY: http://secunia.com/advisories/39376/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows and Exchange Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or gain knowledge of sensitive information. 1) An error in the SMTP service when parsing DNS Mail Exchanger (MX) records can be exploited to cause the service to stop responding until a specially crafted message is removed from the queue and the service is restarted. 2) A memory allocation error in the SMTP component when interpreting SMTP responses can be exploited to disclose random e-mail message fragments by sending invalid commands followed by the STARTTLS command. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE-495B-8EEC-D105A970DAA7 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=DE447B76-EC89-426B-AC54-3AE3855D1159 Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=4F9A696D-2712-4777-A642-E78A38336E8A Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4-4243-9D44-256424D75FEC Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B-4A73-B2E2-9FFFDAFA3927 Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=56C8238D-8B04-4AA5-8719-40550CD7325C Windows Server 2008 for 32-bit Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A-4982-A25C-F3981EDA381A Windows Server 2008 for x64-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6-46FE-9A81-B2813EA6A330 Windows Server 2008 R2 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=EB27CD2B-D514-4405-8650-259A42E35155 Microsoft Exchange Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=bc8391f8-5335-496b-ad4c-bae38509be4a ORIGINAL ADVISORY: MS10-024 (KB976323, KB976702, KB981407, KB981832): http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-