Microsoft Exchange Error in Parsing MX Records Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1023854 |
|
SecurityTracker URL: http://securitytracker.com/id/1023854
|
|
CVE Reference:
CVE-2010-0024
(Links to External Site)
|
Date: Apr 13 2010
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2000 SP3, 2003 SP2, 2007 SP2, 2010
|
Description:
A vulnerability was reported in Microsoft Exchange. A remote user can cause denial of service conditions.
A remote DNS server can send a specially crafted DNS Mail Exchanger (MX) resource record to cause the target SMTP service to stop responding until the triggering SMTP message is removed from the queue and the service is manually restarted.
|
Impact:
A remote user can cause the SMTP service to hang.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE-495B-8EEC-D105A970DAA7
Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=DE447B76-EC89-426B-AC54-3AE3855D1159
Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=4F9A696D-2712-4777-A642-E78A38336E8A
Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4-4243-9D44-256424D75FEC
Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B-4A73-B2E2-9FFFDAFA3927
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=56C8238D-8B04-4AA5-8719-40550CD7325C
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A-4982-A25C-F3981EDA381A
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6-46FE-9A81-B2813EA6A330
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=EB27CD2B-D514-4405-8650-259A42E35155
Microsoft Exchange Server 2000 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=e47c90a0-c9c8-43b7-bec7-34107ddde294
Microsoft Exchange Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=bc8391f8-5335-496b-ad4c-bae38509be4a
Microsoft Exchange Server 2007 Service Pack 1 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=6a894b4e-12b6-4a91-9555-d813956b6aac
Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b8f7f872-16d5-49d6-9867-adc01351c06f
Microsoft Exchange Server 2010 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7dcf2390-dff7-4e3a-acca-03f4d43fb79a
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-024.mspx (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (2000), Windows (2003), Windows (2008), Windows (XP)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Apr 2010 19:45:53 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx
|
Microsoft Security Bulletin MS10-024 - Important: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
CVE-2010-0024
|
|
