Re: Microsoft Security Bulletin MS02-025

From: cbla (cbland@hotmail.com)
Date: 05/29/02 

From: "cbla" <cbland@hotmail.com>
Date: Wed, 29 May 2002 17:26:24 -0300

Thanks for trying but it was this article that prompted my questions.

Will there be a patch to correct this for SP1 versions or do I have to
upgrade my entire Exchange organization to SP2 in order to apply this patch?

"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:OKyY020BCHA.1432@tkmsftngp04...
> Title: Malformed Mail Attribute can Cause Exchange 2000 to
> Exhaust CPU Resources (Q320436)
> Date: 29 May 2002
> Software: Microsoft Exchange
> Impact: Denial of Service
> Max Risk: Critical
> Bulletin: MS02-025
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-025.asp.
> - ----------------------------------------------------------------------
>
> Issue:
> ======
> To support the exchange of mail with heterogeneous systems,
> Exchange messages use the attributes of SMTP mail messages that are
> specified by RFC's 821 and 822. There is a flaw in the way Exchange 2000
> handles certain malformed RFC message attributes on received mail. Upon
> receiving a message containing such a malformation, the flaw causes the
> Store service to consume 100% of the available CPU in processing the
> message.
>
> A security vulnerability results because it is possible for an attacker to
> seek to exploit this flaw and mount a denial of service attack. An
attacker
> could attempt to levy an attack by connecting directly to the Exchange
> server and passing a raw, hand-crafted mail message with a specially
> malformed attribute. When the message was received and processed by the
> Store service, the CPU would spike to 100%. The effects of the attack
would
> last as long as it took for the Exchange Store service to process the
> message. Neither restarting the service nor rebooting the server would
> remedy the denial of service.
>
> Mitigating Factors:
> ====================
> - The effect of an attack via this vulnerability would be
> temporary. Once the server completed processing the
> message, normal operations would resume. However, it
> is not possible to halt the processing of the message
> once begun, even with a reboot.
>
> - The vulnerability does not provide any capability to
> compromise data on the server or gain administrative
> control over it.
>
> - Mounting a successful attack requires the ability to pass a
> hand-crafted message to the target system, most likely through
> a simulated server-based connection. It is not possible to
> craft a malformed message using an email client such as
> Outlook or Outlook Express.
>
> Risk Rating:
> ============
> - Internet systems: Critical
> - Intranet systems: Critical
> - Client systems: None
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
> Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms02-025.asp
> for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - Mr. Allendoerfer (allendoerfer@uni-mainz.de);
> Mr. Koenig (koenig@uni-mainz.de);
> Mr. Kraemer (kraemer@uni-mainz.de);
> Mr. Schaal (schaal@uni-mainz.de);
> Mr. Tacke (tacke@uni-mainz.de) of the Computing Center,
> Johannes Gutenberg University Mainz, Germany
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
> EVENT
> SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
> BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
> SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES
> DO
> NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR
> INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>

Relevant Pages

  • Microsoft Security Bulletin MS02-025
    ... Software: Microsoft Exchange ... receiving a message containing such a malformation, ... seek to exploit this flaw and mount a denial of service attack. ...
    (microsoft.public.security)
  • Re: Exchange 2003 crashing
    ... I called Microsoft and got the hotfix. ... >A friend of mine recieved a patch from MS this morning. ... It appears to be a metabase patch for win2003. ... >> I have two Exchange 2003 servers in two different offices. ...
    (microsoft.public.exchange.admin)
  • Re: Microsoft Security Bulletin(s) for 5/9/2006
    ... In line with Microsoft's Security Update Advisor monthly patch update ... have plans on releasing a patch on May 9, 2006 for Exchange 2000 Server ... an impact on third party products such as BlackBerry Enterprise Server ... RIM, in conjunction with Microsoft, has provided configuration settings ...
    (microsoft.public.exchange.admin)
  • Re: Exchange security update prevents updating of shared calendars
    ... If you upgrade to Exchange 2003 SP2, ... security patch to our Exchange server. ... functionality for Entourage users that have implemented calendar sharing. ... Please Microsoft - have testers TEST ALL your clients. ...
    (microsoft.public.mac.office.entourage)
  • Re: Exchange 2003 crashing
    ... Two days since I installed the patch and it is still working well. ... received no hint from the Microsoft person about any potential cause. ... >I have two Exchange 2003 servers in two different offices. ...
    (microsoft.public.exchange.admin)