[PCWorks] Microsoft Exchange / Windows SMTP Service Two Vulnerabilities
- From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Sat, 17 Apr 2010 00:24:46 -0500
TITLE:
Microsoft Exchange / Windows SMTP Service Two Vulnerabilities
Moderately critical
Impact: Exposure of sensitive information, DoS
Where: From remote
VERIFY ADVISORY:
http://secunia.com/advisories/39376/
DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows and
Exchange Server, which can be exploited by malicious people to cause
a DoS (Denial of Service) or gain knowledge of sensitive
information.
1) An error in the SMTP service when parsing DNS Mail Exchanger (MX)
records can be exploited to cause the service to stop responding
until a specially crafted message is removed from the queue and the
service is restarted.
2) A memory allocation error in the SMTP component when interpreting
SMTP responses can be exploited to disclose random e-mail message
fragments by sending invalid commands followed by the STARTTLS
command.
SOLUTION:
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE-495B-8EEC-D105A970DAA7
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=DE447B76-EC89-426B-AC54-3AE3855D1159
Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=4F9A696D-2712-4777-A642-E78A38336E8A
Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4-4243-9D44-256424D75FEC
Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B-4A73-B2E2-9FFFDAFA3927
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=56C8238D-8B04-4AA5-8719-40550CD7325C
Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A-4982-A25C-F3981EDA381A
Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6-46FE-9A81-B2813EA6A330
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=EB27CD2B-D514-4405-8650-259A42E35155
Microsoft Exchange Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=bc8391f8-5335-496b-ad4c-bae38509be4a
ORIGINAL ADVISORY:
MS10-024 (KB976323, KB976702, KB981407, KB981832):
http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
-zxdjhu-
Other related posts:
- » [PCWorks] Microsoft Exchange / Windows SMTP Service Two Vulnerabilities - Clint Hamilton-PCWorks Admin
