W2K/Exchange5.5 Mass Email Vulnerability

Discussion in 'other security issues & news' started by spy1, Mar 1, 2002.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Dec 29, 2002
    Clover, SC
    Microsoft has released a security bulletin informing
    about a Windows 2000 and Exchange 5.5 vulnerability that could allow an
    unauthorized user to send e-mails en masse. The company has also released
    the corresponding patches to fix the bug.

    The vulnerability is in the Simple Mail Transfer Protocol (SMTP) service
    installed by default as part of Windows 2000 server products and as part of
    the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5. The
    problem could allow an attacker to gain access without proper authentication
    and send e-mails using the affected server as an intermediary.

    The updates for Microsoft Windows 2000 Server, Professional and Advanced
    Server are available at:
    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36556, and for
    Exchange Server 5.5 at:

    (*) More information at:
Thread Status:
Not open for further replies.