Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Exchange and Windows SMTP Service DoS Vulnerability

April 13, 2010 By The Editor

Summary:

  • This vulnerability affects: All current versions of Exchange Server and many versions of Windows
  • How an attacker exploits it: By sending specially crafted network traffic (malicious DNS MX record responses)
  • Impact: Multiple impacts; in the worst case, an attacker can crash your mail server, preventing you from receiving email
  • What to do: Deploy the appropriate Exchange Server or Windows patch as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Microsoft Exchange is one of the most popular email servers used today. Exchange is a stand-alone program, separate from Windows; however, many versions of Windows also ship with a basic SMTP service to receive email.

In a security bulletin released today, Microsoft describes two security vulnerabilities that affect all current versions of Exchange, as well as the SMTP service that ships with many versions of Windows. The worst of these flaws has to do with how Exchange handles specially crafted DNS Mail Exchanger (MX) records. Basically, the SMTP service will hang indefinitely when it attempts to parse a specially crafted MX record. In order to exploit this vulnerability, an attacker would have to set up a malicious DNS server for a domain they controlled. Then the attacker would have to send you an email containing addresses from that domain. When your mail server tries to request the MX record associated with this domain, it encounters the attacker's specially crafted MX record, and will hang until you manually reboot it. This results in a Denial of Service (DoS) situation for email.

Microsoft’s bulletin also describes a lower risk information disclosure vulnerability in Exchange. By sending specially crafted SMTP commands, an attacker may be able to retrieve random email fragments from your server’s memory. We recommend you download and install the Exchange and Windows updates as soon as possible, in order to fix both these issues.
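Since the hang described above persists until someone notices and reboots the server, a monitoring probe that waits for the SMTP greeting is more useful than a plain port check. The following is an added example, not code from Microsoft or the original article; it assumes a hung service still completes the TCP handshake but never sends its 220 greeting, and the host name in the usage comment is a placeholder.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=5.0):
    """Return 'ok', 'hung', 'down' or 'unexpected' for one SMTP listener."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down"  # refused, unreachable, or no handshake within timeout
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(512)
        except socket.timeout:
            # Assumption: a hung service leaves the port open but stays silent.
            return "hung"
        except OSError:
            return "down"  # connection reset before any greeting
    if not banner:
        return "down"  # peer closed the connection without greeting
    # RFC 5321: a server ready for mail opens the session with a 220 reply.
    return "ok" if banner.startswith(b"220") else "unexpected"

def should_alert(history, threshold=3):
    """Alert only after `threshold` consecutive non-ok probes, to ride out blips."""
    recent = history[-threshold:]
    return len(recent) == threshold and all(r != "ok" for r in recent)

if __name__ == "__main__":
    # Usage: python probe.py mail.example.test [port]   (placeholder host name)
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(host, port, probe_smtp(host, port))
```

Run it on a schedule from a separate monitoring host and feed the results to `should_alert`, so a single slow greeting does not page anyone.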

Solution Path:

Microsoft has released patches to fix these vulnerabilities. You should download, test, and deploy the appropriate Exchange and Windows patches as soon as possible.

  • Exchange Server 2000
  • Exchange Server 2003
  • Exchange Server 2007 w/SP1
  • Exchange Server 2007 w/SP2
  • Exchange Server 2010
  • SMTP Service Update for:
    • Windows 2000
    • Windows XP
    • Windows XP x64
    • Windows Server 2003
    • Windows Server 2003 x64
    • Windows Server 2003 Itanium
    • Windows Server 2008
    • Windows Server 2008 x64
    • Windows Server 2008 R2 x64

For All WatchGuard Users:

An attacker can exploit the worst of these vulnerabilities by sending normal emails, which you must allow through your firewall if you have an internal email server. Therefore, the patches above are your best solution.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

  • MS Security Bulletin MS10-024

Filed Under: Security Bytes Tagged With: DoS, exchange, Microsoft, smtp