::runs screaming from room:: :)

But some of us know you are the man. I wouldn't trust some folks with that!

-----Original Message-----
From: Siegfried Weber [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 28, 2002 5:53 AM
To: Exchange Discussions
Subject: RE: Alert:Microsoft Security Bulletin - MS02-012


ACK. Problem is that smaller companies sometimes can't afford to buy a new
machine. Hence they must do in place. But in my world in place doesn't exist
either ;-)

Actually, I remember back in Exchange 2000 RC1 times in Feb 2000 I started
with each new beta build from scratch: Beta 3 => RC1 => RC2 => RTM.

I today celebrated two year Exchange 2000 production usage :-)

<Siegfried />

> -----Original Message-----
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 28, 2002 2:47 PM
> To: Exchange Discussions
> Subject: RE: Alert:Microsoft Security Bulletin - MS02-012
> 
> Ewwww In place upgrade :)
> 
> I did say you could have both. With tweaking just as you explained.
> But in place upgrades don't exist in my world, so that is why I do it
> the MS way.
> 
> Just different ways of doing things. Right?
> 
> -----Original Message-----
> From: Siegfried Weber [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 28, 2002 5:40 AM
> To: Exchange Discussions
> Subject: RE: Alert:Microsoft Security Bulletin - MS02-012
> 
> 
> If you look close to both, MS02-011 & MS02-012, you'll see that they
> both point to the same patch for Windows 2000.
> 
> Only MS02-011 includes a patch for the Exchange 5.5 IMS, not MS02-012.
> 
> You can have both, Exchange 5.5 IMS & Windows 2000 SMTP, on the same
> machine. All you need to do is either:
>
> a) Change the Windows 2000 SMTP port from 25 to whatever you like
> b) Or disable the Windows 2000 SMTP service
>
> I'd recommend always installing the Windows 2000 SMTP service and
> applying any patches related to it, because a possible inplace upgrade
> to Exchange 2000 will be easier to accomplish.
>
> I'd also recommend to install Windows 2000 IIS and NNTP on such a
> machine for the same reasons.
> 
> <Siegfried />
> 
> > -----Original Message-----
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 28, 2002 2:33 PM
> > To: Exchange Discussions
> > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012
> >
> > Here is how I see it. You can't have both (well you can, but with
> > tweaking) on the same box.
> > You either have the IMS, or the SMTP service. Unless you have a
> > separate IMS server, you should probably use 011.
> > Remember, one specific task in the white paper for installing Exch55
> > on a W2K server was to remove or not install the SMTP service.
> >
> > Customers who need the Windows 2000 SMTP services should apply the
> > Windows patch; all others should disable the SMTP service. Customers
> > using the Exchange Server 5.5 IMC should apply the Exchange Server 5.5
> > IMC patch.
> >
> > -----Original Message-----
> > From: Orr, Dale [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 28, 2002 4:22 AM
> > To: Exchange Discussions
> > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012
> >
> >
> > This one is giving me a headache -- I have Exch 5.5 running on a
> > Win2k server. I'm looking for the fine print that tells me which
> > patch to apply first, or at all, if any, or both. Your mileage may
> > vary. Sigh.
> >
> > -----Original Message-----
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 27, 2002 9:16 PM
> > To: Exchange Discussions
> > Subject: FW: Alert:Microsoft Security Bulletin - MS02-012
> >
> >
> >
> >
> > -----Original Message-----
> > From: Russ [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 27, 2002 6:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: Alert:Microsoft Security Bulletin - MS02-012
> >
> >
> > http://www.microsoft.com/technet/security/bulletin/MS02-012.asp
> >
> > Malformed Data Transfer Request can Cause Windows SMTP Service to Fail
> >
> > Originally posted: February 27, 2002
> >
> > Summary
> >
> > Who should read this bulletin: Customers using Microsoft(r) Windows(r)
> > 2000 Server and Professional, Windows XP Professional and Exchange
> > Server 2000
> >
> > Impact of vulnerability: Denial of Service
> >
> > Maximum Severity Rating: Low
> >
> > Recommendation: Customers who need the Windows 2000 SMTP services
> > should apply the patch; all others should disable the SMTP service.
> >
> > Affected Software:
> > - Microsoft Windows 2000
> > - Microsoft Windows XP Professional
> > - Microsoft Exchange 2000
> >
> > Technical description:
> >
> > An SMTP service installs by default as part of Windows 2000 server
> > products. Exchange 2000, which can only be installed on Windows 2000,
> > uses the native Windows 2000 SMTP service rather than providing its
> > own. In addition, Windows 2000 and Windows XP workstation products
> > provide an SMTP service that is not installed by default. All of
> > these implementations contain a flaw that could enable denial of
> > service attacks to be mounted against the service.
> >
> > The flaw involves how the service handles a particular type of SMTP
> > command used to transfer the data that constitutes an incoming mail.
> > By sending a malformed version of this command, an attacker could
> > cause the SMTP service to fail. This would have the effect of
> > disrupting mail services on the affected system, but would not cause
> > the operating system itself to fail.
> >
> > Mitigating factors:
> > - Windows XP Home Edition does not provide an SMTP service, and is
> >   not affected by the vulnerability.
> > - Windows 2000 Professional and Windows XP Professional do provide an
> >   SMTP service, but it is not installed by default.
> > - Windows 2000 server products do install the SMTP service by
> >   default. However, best practices recommend disabling any unneeded
> >   services, and systems on which the SMTP service had been disabled
> >   would not be at risk.
> > - Exchange 5.5, even if installed on a Windows 2000 server, is not
> >   affected by the vulnerability.
> > - The result of an attack would be limited to disrupting the SMTP
> >   service and, depending on the system configuration, potentially IIS
> >   and other internet services as well. However, it would not disrupt
> >   any other system functions.
> > - The vulnerability would not enable an attacker to gain any
> >   privileges on the affected system or to access users' email or data.
> >
> > Vulnerability identifier: CAN-2002-0055
> >
> >
> >
> > This email is sent to NTBugtraq automatically as a service to my
> > subscribers. Since it's programmatically created, and since it's been
> > a long time since anyone paid actual money for my programming skills,
> > it may or may not look that good...;-]
> >
> > I can only hope that the information it does contain can be read well
> > enough to serve its purpose.
> >
> > Cheers,
> > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Archives:               http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]