RE: MS02-012/Q313450

From: Stuart Fox (DSL AK) (StuartF@datacom.co.nz)
Date: 02/28/02 

From: "Stuart Fox (DSL AK)" <StuartF@datacom.co.nz>
To: 'Lee Leahu' <lee@ricis.com>, Bill Mote <bill.mote@mem.com>, focus-ms@securityfocus.com
Date: Fri, 1 Mar 2002 10:28:01 +1300

It looks like a bundled IIS fix - as the SMTP server is a component of IIS,
it seems they're bundling the lot together.

> -----Original Message-----
> From: Lee Leahu [mailto:lee@ricis.com]
> Sent: Friday, 1 March 2002 7:58 a.m.
> To: Bill Mote; focus-ms@securityfocus.com
> Subject: RE: MS02-012/Q313450
>
>
> Ok, that makes sense,
> but why do you need ntfsdrv.dll????
>
> Lee
> lee@ricis.com
>
>
> Bill wrote:
> asp.dll might need patching to fix CDONTS. That's my best guess. bm
>
> -----Original Message-----
> From: Vladimir Ivanov [mailto:vivanov@tmsoft-ltd.kiev.ua]
> Sent: Thursday, February 28, 2002 8:30 AM
> To: focus-ms@securityfocus.com
> Subject: MS02-012/Q313450
>
> Hi All!
> "Microsoft has released a patch for Windows 2000 that will
> eliminate a
> vulnerability that exists because a malicious user could
> issue a specially
> formatted, non-RFC compliant SMTP command that will result in
> a Denial of
> Service attack. This would be carried out more typically
> through a custom
> application where the malformed data would cause the SMTP
> service to fail.
> Download now to prevent a possible Denial of Service Attack."
> Patch is available to download:
> http://download.microsoft.com/download/win2000platform/Patch/Q
313450/NT5/EN-
US/Q313450_W2K_SP3_X86_EN.exe
I just download this patch and look at the files containted into it:
symbols/
aqueue.dll
asp.dll ????????
fscfg.dll
ftpctrs2.dll
ftpmib.dll
hotfix.exe
hotfix.inf
httpmib.dll
infoadmn.dll
infocomm.dll
isatq.dll
mailmsg.dll
ntfsdrv.dll ??????
smtpsvc.dll
sp3.cat
spmsg.dll
w3ctrs.dll
Does anybody know
what asp.dll and ntfsdrv.dll doing in this patch ?
Thanx.
Vladimir Ivanov

Relevant Pages

  • RE: MS02-012/Q313450
    ... It looks like a bundled IIS fix - as the SMTP server is a component of IIS, ... > "Microsoft has released a patch for Windows 2000 that will ...
    (Focus-Microsoft)
  • Vulnerability Details for MS02-012
    ... Microsoft released a patch for a denial of service ... vulnerability in the Windows 2000 SMTP component. ... This bug affects all Windows 2000 systems running the SMTP service that have ...
    (Bugtraq)
  • RE: repost: problem compiling Managed Sink Wrapper for SMTP
    ... The same download also contains some c# source code ... that are sent by email can be replied to via email, and the web app would ... simply use the IIS SMTP server, since I don't expect Exchange will be ... the installer register an SMTP sink on the server so that the SMTP server ...
    (microsoft.public.exchange2000.development)
  • Re: Lost emails when using POP3 connector
    ... However for POP3 connector to work correctly you must check the scenario ... So my question is do I need to add this domain 123.com as a secondary SMTP ... being lost and not routed to the users mailbox. ... receive and download email from the domain abc.com to the same mailbox. ...
    (microsoft.public.windows.server.sbs)
  • Re: Up-to-date messages not reaching Mobile device
    ... Juggs Ravalia wrote: ... We have an updated patch for this problem that you can install on ... as SMS arrives just fine. ... packet trace of the SMTP session between my exchange ...
    (microsoft.public.pocketpc.activesync)