RE: MS02-012/Q313450
From: Michael Ward (Mward@roseglen.com)
Date: 03/01/02
- Previous message: Marc Fossi: "IIS SMTP component allows mail relaying via Null Session"
- Maybe in reply to: Mike Carney: "RE: MS02-012/Q313450"
- Next in thread: Garcia, Victor (MX): "RE: MS02-012/Q313450"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Mar 2002 12:39:45 -0500
From: "Michael Ward" <Mward@roseglen.com>
To: "Mike Carney" <mcar@haestad.com>, "Stuart Fox (DSL AK)" <StuartF@datacom.co.nz>, "Lee Leahu" <lee@ricis.com>, "Bill Mote" <bill.mote@mem.com>, <focus-ms@securityfocus.com>
From what I gather you don't need to install the patch for Exchange
2000, just Exchange 5.5.
-----Original Message-----
From: Mike Carney [mailto:mcar@haestad.com]
Sent: Thursday, February 28, 2002 6:12 PM
To: Stuart Fox (DSL AK); Lee Leahu; Bill Mote; focus-ms@securityfocus.com
Subject: RE: MS02-012/Q313450
Exchange 2000 uses the SMTP engine that comes installed with IIS.
-----Original Message-----
From: Stuart Fox (DSL AK) [mailto:StuartF@datacom.co.nz]
Sent: Thursday, February 28, 2002 4:28 PM
To: 'Lee Leahu'; Bill Mote; focus-ms@securityfocus.com
Subject: RE: MS02-012/Q313450
It looks like a bundled IIS fix - as the SMTP server is a component of IIS,
it seems they're bundling the lot together.
> -----Original Message-----
> From: Lee Leahu [mailto:lee@ricis.com]
> Sent: Friday, 1 March 2002 7:58 a.m.
> To: Bill Mote; focus-ms@securityfocus.com
> Subject: RE: MS02-012/Q313450
>
>
> Ok, that makes sense,
> but why do you need ntfsdrv.dll????
>
> Lee
> lee@ricis.com
>
>
> Bill wrote:
> asp.dll might need patching to fix CDONTS. That's my best guess. bm
>
> -----Original Message-----
> From: Vladimir Ivanov [mailto:vivanov@tmsoft-ltd.kiev.ua]
> Sent: Thursday, February 28, 2002 8:30 AM
> To: focus-ms@securityfocus.com
> Subject: MS02-012/Q313450
>
> Hi All!
> "Microsoft has released a patch for Windows 2000 that will eliminate a
> vulnerability that exists because a malicious user could issue a specially
> formatted, non-RFC compliant SMTP command that will result in a Denial of
> Service attack. This would be carried out more typically through a custom
> application where the malformed data would cause the SMTP service to fail.
> Download now to prevent a possible Denial of Service Attack."
> Patch is available to download:
> http://download.microsoft.com/download/win2000platform/Patch/Q313450/NT5/EN-US/Q313450_W2K_SP3_X86_EN.exe
I just downloaded this patch and looked at the files contained in it:
symbols/
aqueue.dll
asp.dll ????????
fscfg.dll
ftpctrs2.dll
ftpmib.dll
hotfix.exe
hotfix.inf
httpmib.dll
infoadmn.dll
infocomm.dll
isatq.dll
mailmsg.dll
ntfsdrv.dll ??????
smtpsvc.dll
sp3.cat
spmsg.dll
w3ctrs.dll
Does anybody know what asp.dll and ntfsdrv.dll are doing in this patch?
Thanx.
Vladimir Ivanov