RE: MS02-012/Q313450

From: Michael Ward (Mward@roseglen.com)
Date: 03/01/02


Date: Fri, 1 Mar 2002 12:39:45 -0500
From: "Michael Ward" <Mward@roseglen.com>
To: "Mike Carney" <mcar@haestad.com>, "Stuart Fox (DSL AK)" <StuartF@datacom.co.nz>, "Lee Leahu" <lee@ricis.com>, "Bill Mote" <bill.mote@mem.com>, <focus-ms@securityfocus.com>

From what I gather you don't need to install the patch for Exchange
2000, just Exchange 5.5.

-----Original Message-----
From: Mike Carney [mailto:mcar@haestad.com]
Sent: Thursday, February 28, 2002 6:12 PM
To: Stuart Fox (DSL AK); Lee Leahu; Bill Mote;
focus-ms@securityfocus.com
Subject: RE: MS02-012/Q313450

Exchange 2000 uses the SMTP engine that comes installed with IIS.

-----Original Message-----
From: Stuart Fox (DSL AK) [mailto:StuartF@datacom.co.nz]
Sent: Thursday, February 28, 2002 4:28 PM
To: 'Lee Leahu'; Bill Mote; focus-ms@securityfocus.com
Subject: RE: MS02-012/Q313450

It looks like a bundled IIS fix - as the SMTP server is a component of
IIS,
it seems they're bundling the lot together.

> -----Original Message-----
> From: Lee Leahu [mailto:lee@ricis.com]
> Sent: Friday, 1 March 2002 7:58 a.m.
> To: Bill Mote; focus-ms@securityfocus.com
> Subject: RE: MS02-012/Q313450
>
>
> Ok, that makes sense,
> but why do you need ntfsdrv.dll????
>
> Lee
> lee@ricis.com
>
>
> Bill wrote:
> asp.dll might need patching to fix CDONTS. That's my best guess. bm
>
> -----Original Message-----
> From: Vladimir Ivanov [mailto:vivanov@tmsoft-ltd.kiev.ua]
> Sent: Thursday, February 28, 2002 8:30 AM
> To: focus-ms@securityfocus.com
> Subject: MS02-012/Q313450
>
> Hi All!
> "Microsoft has released a patch for Windows 2000 that will
> eliminate a
> vulnerability that exists because a malicious user could
> issue a specially
> formatted, non-RFC compliant SMTP command that will result in
> a Denial of
> Service attack. This would be carried out more typically
> through a custom
> application where the malformed data would cause the SMTP
> service to fail.
> Download now to prevent a possible Denial of Service Attack."
> Patch is available to download:
> http://download.microsoft.com/download/win2000platform/Patch/Q
313450/NT5/EN-
US/Q313450_W2K_SP3_X86_EN.exe
I just download this patch and look at the files containted into it:
symbols/
aqueue.dll
asp.dll ????????
fscfg.dll
ftpctrs2.dll
ftpmib.dll
hotfix.exe
hotfix.inf
httpmib.dll
infoadmn.dll
infocomm.dll
isatq.dll
mailmsg.dll
ntfsdrv.dll ??????
smtpsvc.dll
sp3.cat
spmsg.dll
w3ctrs.dll
Does anybody know
what asp.dll and ntfsdrv.dll doing in this patch ?
Thanx.
Vladimir Ivanov