It is? I lost track of that this week. Too much work and less time. <Siegfried />
> -----Original Message----- > From: Orr, Dale [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 28, 2002 3:17 PM > To: Exchange Discussions > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012 > > But it's only THURSDAY! > > -----Original Message----- > From: Siegfried Weber [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 28, 2002 8:25 AM > To: Exchange Discussions > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012 > > > You're kidding, eh? > > It is 2:24 p.m. here and I am working since 5 a.m. this morn. > > <Siegfried /> > > > -----Original Message----- > > From: Orr, Dale [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 28, 2002 2:20 PM > > To: Exchange Discussions > > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012 > > > > <bowing to superior intellect> My gosh, Siefried! You must be.... > AWAKE > > ALREADY!!! </bowing and scraping> > > > > -----Original Message----- > > From: Siegfried Weber [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 28, 2002 8:14 AM > > To: Exchange Discussions > > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012 > > > > > > <quote> > > Does the vulnerability affect the SMTP service in Exchange Server 5.5? > > > > No. Exchange 5.5, even if installed on Windows 2000, uses its own SMTP > > service, which is not affected by the vulnerability > > </quote> > > > > <Siegfried /> > > > > > -----Original Message----- > > > From: Orr, Dale [mailto:[EMAIL PROTECTED]] > > > Sent: Thursday, February 28, 2002 1:22 PM > > > To: Exchange Discussions > > > Subject: RE: Alert:Microsoft Security Bulletin - MS02-012 > > > > > > This one is giving me a headache -- I have Exch 5.5 running on a > Win2k > > > server. I'm looking for the fine print that tells me which patch to > > apply > > > first, or at all, if any, or both. Your mileage may vary. Sigh. > > > > > > -----Original Message----- > > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 27, 2002 9:16 PM > > > To: Exchange Discussions > > > Subject: FW: Alert:Microsoft Security Bulletin - MS02-012 > > > > > > > > > > > > > > > -----Original Message----- > > > From: Russ [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, February 27, 2002 6:05 PM > > > To: [EMAIL PROTECTED] > > > Subject: Alert:Microsoft Security Bulletin - MS02-012 > > > > > > > > > http://www.microsoft.com/technet/security/bulletin/MS02-012.asp > > > > > > Malformed Data Transfer Request can Cause Windows SMTP Service to > Fail > > > > > > Originally posted: February 27, 2002 > > > > > > Summary > > > > > > Who should read this bulletin: Customers using Microsoft(r) > Windows(r) > > > 2000 > > > Server and Professional, Windows XP Professional and Exchange Server > > 2000 > > > > > > Impact of vulnerability:Denial of Service > > > > > > Maximum Severity Rating:Low > > > > > > Recommendation:Customers who need the Windows 2000 SMTP services > > should > > > apply the patch; all others should disable the SMTP service. > > > > > > Affected Software: > > > - Microsoft Windows 2000 > > > - Microsoft Windows XP Professional > > > - Microsoft Exchange 2000 > > > > > > Technical description: > > > > > > An SMTP service installs by default as part of Windows 2000 server > > > products. > > > Exchange 2000, which can only be installed on Windows 2000, uses the > > > native > > > Windows 2000 SMTP service rather than providing its own. In > addition, > > > Windows 2000 and Windows XP workstation products provide an SMTP > > service > > > that is not installed by default. All of these implementations > > contain a > > > flaw that could enable denial of service attacks to be mounted > against > > the > > > service. > > > > > > The flaw involves how the service handles a particular type of SMTP > > > command > > > used to transfer the data that constitutes an incoming mail. By > > sending a > > > malformed version of this command, an attacker could cause the SMTP > > > service > > > to fail. This would have the effect of disrupting mail services on > the > > > affected system, but would not cause the operating system itself to > > fail. > > > > > > Mitigating factors: > > > - Windows XP Home Edition does not provide an SMTP service, and is > not > > > affected by the vulnerability. > > > - Windows 2000 Professional and Windows XP Professional do provide > an > > SMTP > > > service, but it is not installed by default. > > > - Windows 2000 server products do install the SMTP service by > default. > > > However, best practices recommend disabling any unneeded services, > and > > > systems on which the SMTP service had been disabled would not be at > > risk. > > > - Exchange 5.5, even if installed on a Windows 2000 server, is not > > > affected > > > by the vulnerability. > > > - The result of an attack would be limited to disrupting the SMTP > > service > > > and, depending on the system configuration, potentially IIS and > other > > > internet services as well. However, it would not disrupt any other > > system > > > functions. > > > - The vulnerability would not enable an attacker to gain any > > privileges on > > > the affected system or to access users' email or data. > > > > > > Vulnerability identifier: CAN-2002-0055 > > > > > > > > > > > > This email is sent to NTBugtraq automatically as a service to my > > > subscribers. Since its programmatically created, and since its been > a > > long > > > time since anyone paid actual money for my programming skills, it > may > > or > > > may > > > not look that good...;-] > > > > > > I can only hope that the information it does contain can be read > well > > > enough > > > to serve its purpose. > > > > > > Cheers, > > > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > > > > > > > oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo > > oo > > > oo > > > Delivery co-sponsored by Qualys - Make Your Network Secure > > > > > > oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo > > oo > > > oo > > > Go Beyond PARTIAL Security: FREE White Paper > > > > > > Stop hassling with half-baked ENTERPRISE SECURITY. > > > FREE White Paper shows you how to ensure TOTAL security for your > > Internet > > > perimeter with the most current and most complete PROACTIVE > > Vulnerability > > > Assessment solution. Get your FREE White Paper now. Click here! > > > https://www.qualys.com/forms/techwhite_86.html > > > > > > oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo > > oo > > > oo > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
