MailUtilities HOME    SOLUTIONS    PRESS ROOM    FOR PARTNERS    SEARCH/SITEMAP    SUPPORT
Products Products
 • Advanced Email Extractor
Plugins:
WebForm Authorization
USA Geo Search
Fax Search
Employers Search
MetaTags Explorer
LDAP Plugin

 • Advanced Direct Remailer
 • High Speed Verifier
 • Advanced Maillist Verify
 • Mailing List Wizard
 • Advanced Email Locator
 • Advanced Maillist Manager
 • Adv. Attachments Processor
 • Adv. Mailbox Processor

 • Advanced Email Parser


Outlook Express Utilities
 • Email Extractor
 • Email Address Extractor
 • Attachments Extractor

Outlook Utilities
 • Email Extractor
 • Email Address Extractor
 • Attachments Extractor

Eudora Utilities
 • Email Extractor
 • Email Address Extractor
 • Attachments Extractor

Incredimail Utilities
 • Email Extractor
 • Email Address Extractor
 • Attachments Extractor
Downloads Downloads
Purchase Purchase
Free services Free services
Our newsletters Our newsletters
Support Support
Anti-Spam policy Anti-Spam policy





Search Google
Microsoft: Exchange flawed - E-mail server software vulnerable to hackers

May 30, 2002 

A flaw found in Microsoft Corp.'s e-mail routing software could allow hackers to blow a computer's mind with an indecipherable message.

The flaw, which the company announced yesterday, was discovered in early May in Microsoft Exchange 2000, the server software that passes millions of e-mails over the Internet. If the flaw were exploited, a hacker could send a message that would tie up an e-mail server's full processing power for hours on end.

The result would be a so-called ``denial-of-service'' attack -- a shutdown of any affected e-mail server.

``What makes this more serious than an average denial-of-service attack,'' said Christopher Budd, a program manager in Microsoft's security response center, ``is that if you restart the mail server to clear the bad message, that will not succeed. When you restart, the mail server will immediately begin processing that message again.''

The Redmond software maker issued a security alert yesterday that rated the flaw ``critical.'' But Christopher Budd, a program manager at Microsoft's security response center, said the company had no reports of any incidents involving the flaw.

Researchers at the Johannes Gutenberg University in Mainz, Germany, discovered the flaw and reported it to Microsoft earlier this month.

Budd said taking advantage of the flaw requires programming experience with SMTP, the Simple Mail Transfer Protocol used for Internet mail. The flaw exists in two particular specifications of that protocol -- called RFC 821 and 822 -- which determine the structure of an e-mail's attributes, such as what data can be put in the ``to'' and ``from'' lines and what data the computer fills in, such as the time.

The problem with Microsoft Exchange 2000, which was shipped in October 2000, is that it can accept information in the wrong place.

``When Exchange receives it and tries to process it, the (computer's) processors will spike to 100 percent,'' Budd explained.

With the patch that Microsoft released yesterday, he added, ``Exchange will get the message, look at the attribute in question and, if it's malformed, it will just throw it away.''

The patch is available at www.microsoft.com/technet/security/bulletin/ms02-025.asp.

by Cydney Gillis, Journal Business Reporter. Copyright © 2002 Horvitz Newspapers, Inc.


« Back to the news list
Announcements





You must authorize to reach technical support.
Copyright © 1999-2007 MailUtilities.Com All rights reserved.