RE: MS02-012/Q313450

From: Michael Ward (Mward@roseglen.com)
Date: 03/01/02


Date: Fri, 1 Mar 2002 12:39:45 -0500
From: "Michael Ward" <Mward@roseglen.com>
To: "Mike Carney" <mcar@haestad.com>, "Stuart Fox (DSL AK)" <StuartF@datacom.co.nz>, "Lee Leahu" <lee@ricis.com>, "Bill Mote" <bill.mote@mem.com>, <focus-ms@securityfocus.com>

From what I gather you don't need to install the patch for Exchange
2000, just Exchange 5.5.

-----Original Message-----
From: Mike Carney [mailto:mcar@haestad.com]
Sent: Thursday, February 28, 2002 6:12 PM
To: Stuart Fox (DSL AK); Lee Leahu; Bill Mote;
focus-ms@securityfocus.com
Subject: RE: MS02-012/Q313450

Exchange 2000 uses the SMTP engine that comes installed with IIS.

-----Original Message-----
From: Stuart Fox (DSL AK) [mailto:StuartF@datacom.co.nz]
Sent: Thursday, February 28, 2002 4:28 PM
To: 'Lee Leahu'; Bill Mote; focus-ms@securityfocus.com
Subject: RE: MS02-012/Q313450

It looks like a bundled IIS fix - as the SMTP server is a component of
IIS,
it seems they're bundling the lot together.

> -----Original Message-----
> From: Lee Leahu [mailto:lee@ricis.com]
> Sent: Friday, 1 March 2002 7:58 a.m.
> To: Bill Mote; focus-ms@securityfocus.com
> Subject: RE: MS02-012/Q313450
>
>
> Ok, that makes sense,
> but why do you need ntfsdrv.dll????
>
> Lee
> lee@ricis.com
>
>
> Bill wrote:
> asp.dll might need patching to fix CDONTS. That's my best guess. bm
>
> -----Original Message-----
> From: Vladimir Ivanov [mailto:vivanov@tmsoft-ltd.kiev.ua]
> Sent: Thursday, February 28, 2002 8:30 AM
> To: focus-ms@securityfocus.com
> Subject: MS02-012/Q313450
>
> Hi All!
> "Microsoft has released a patch for Windows 2000 that will
> eliminate a
> vulnerability that exists because a malicious user could
> issue a specially
> formatted, non-RFC compliant SMTP command that will result in
> a Denial of
> Service attack. This would be carried out more typically
> through a custom
> application where the malformed data would cause the SMTP
> service to fail.
> Download now to prevent a possible Denial of Service Attack."
> Patch is available to download:
> http://download.microsoft.com/download/win2000platform/Patch/Q
313450/NT5/EN-
US/Q313450_W2K_SP3_X86_EN.exe
I just download this patch and look at the files containted into it:
symbols/
aqueue.dll
asp.dll ????????
fscfg.dll
ftpctrs2.dll
ftpmib.dll
hotfix.exe
hotfix.inf
httpmib.dll
infoadmn.dll
infocomm.dll
isatq.dll
mailmsg.dll
ntfsdrv.dll ??????
smtpsvc.dll
sp3.cat
spmsg.dll
w3ctrs.dll
Does anybody know
what asp.dll and ntfsdrv.dll doing in this patch ?
Thanx.
Vladimir Ivanov



Relevant Pages

  • RE:Mytob Mass Mailing Worm
    ... Since the virus has it's own smtp and uses spoofed email addresses and is ... have also installed Groupshield for Exchange which sits at the Exchange MTA. ... they should be able to eradicate your worm if you install them everywhere. ... Likely virus is not using Exchange to spread ("The worm uses its own SMTP ...
    (microsoft.public.exchange.admin)
  • Re: WSS v3 SMTP Incoming Email settings
    ... I haven't tried to setup the email without Exchange but it should ... I did a fairly straight forward side by side install per the MS doc but ... 2005 server on the SBS box. ... The SMTP server doesn't show up under IIS ...
    (microsoft.public.windows.server.sbs)
  • Re: Up-to-date messages not reaching Mobile device
    ... We have an updated patch for this problem that you can install on the ... Exchange Server. ... Regular messages sent to the phone> as SMS arrives just fine. ... So, in an attempt to figure out> why the SMS never arrives on my phone, I captured a> packet trace of the SMTP session between my exchange ...
    (microsoft.public.pocketpc.activesync)
  • Re: Exchange 2003 does not restart after W2k3SP1
    ... This problem may be caused by that the service account permission has been ... Before restarting Exchange server, ... i got the 898060 patch from Microsoft today. ... I will find it and install it. ...
    (microsoft.public.exchange.admin)
  • Re: SBS2003 Email replies not coming back from removed domain - read on . . .
    ... Initially, when the server was spec'd, all 3 sites were to be in one domain ... > exchange alias and can be seen through GAL with external SMTP address. ... the Exchange can be used to host shared different SMTP ... > suggestions on install SP1: ...
    (microsoft.public.windows.server.sbs)