spy1
March 1st, 2002, 12:42 PM
Microsoft has released a security bulletin informing
about a Windows 2000 and Exchange 5.5 vulnerability that could allow an
unauthorized user to send e-mails en masse. The company has also released
the corresponding patches to fix the bug.
The vulnerability is in the Simple Mail Transfer Protocol (SMTP) service
installed by default as part of Windows 2000 server products and as part of
the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5. The
problem could allow an attacker to gain access without proper authentication
and send e-mails using the affected server as an intermediary.
The updates for Microsoft Windows 2000 Server, Professional and Advanced
Server are available at:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36556, and for
Exchange Server 5.5 at:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33423
(*) More information at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/ms02-011.asp
about a Windows 2000 and Exchange 5.5 vulnerability that could allow an
unauthorized user to send e-mails en masse. The company has also released
the corresponding patches to fix the bug.
The vulnerability is in the Simple Mail Transfer Protocol (SMTP) service
installed by default as part of Windows 2000 server products and as part of
the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5. The
problem could allow an attacker to gain access without proper authentication
and send e-mails using the affected server as an intermediary.
The updates for Microsoft Windows 2000 Server, Professional and Advanced
Server are available at:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36556, and for
Exchange Server 5.5 at:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33423
(*) More information at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/ms02-011.asp