---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Microsoft Exchange / Windows SMTP Service Two Vulnerabilities SECUNIA ADVISORY ID: SA39376 VERIFY ADVISORY: http://secunia.com/advisories/39376/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows and Exchange Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or gain knowledge of sensitive information. 1) An error in the SMTP service when parsing DNS Mail Exchanger (MX) records can be exploited to cause the service to stop responding until a specially crafted message is removed from the queue and the service is restarted. 2) A memory allocation error in the SMTP component when interpreting SMTP responses can be exploited to disclose random e-mail message fragments by sending invalid commands followed by the STARTTLS command. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=88A0E872-01DE-495B-8EEC-D105A970DAA7 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=DE447B76-EC89-426B-AC54-3AE3855D1159 Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=4F9A696D-2712-4777-A642-E78A38336E8A Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=F781E9E4-87D4-4243-9D44-256424D75FEC Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=644FF070-237B-4A73-B2E2-9FFFDAFA3927 Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=56C8238D-8B04-4AA5-8719-40550CD7325C Windows Server 2008 for 32-bit Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=E29EAD69-000A-4982-A25C-F3981EDA381A Windows Server 2008 for x64-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?familyid=8F922E64-E3A6-46FE-9A81-B2813EA6A330 Windows Server 2008 R2 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=EB27CD2B-D514-4405-8650-259A42E35155 Microsoft Exchange Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=bc8391f8-5335-496b-ad4c-bae38509be4a PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-024 (KB976323, KB976702, KB981407, KB981832): http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------