To support the exchange of mail with heterogeneous systems, Exchange messages use the attributes of SMTP mail messages that are specified by RFC's 821 and 822. There is a flaw in the way Exchange 2000 handles certain malformed RFC message attributes on received mail. Upon receiving a message containing such a malformation, the flaw causes the Store service to consume 100% of the available CPU in processing the message.
A security vulnerability results because it is possible for an attacker to seek to exploit this flaw and mount a denial of service attack. An attacker could attempt to levy an attack by connecting directly to the Exchange server and passing a raw, hand-crafted mail message with a specially malformed attribute. When the message was received and processed by the Store service, the CPU would spike to 100%. The effects of the attack would last as long as it took for the Exchange Store service to process the message. Neither restarting the service nor rebooting the server would remedy the denial of service.
Read more
A security vulnerability results because it is possible for an attacker to seek to exploit this flaw and mount a denial of service attack. An attacker could attempt to levy an attack by connecting directly to the Exchange server and passing a raw, hand-crafted mail message with a specially malformed attribute. When the message was received and processed by the Store service, the CPU would spike to 100%. The effects of the attack would last as long as it took for the Exchange Store service to process the message. Neither restarting the service nor rebooting the server would remedy the denial of service.
Read more
Symantec has released a new virus definitions update for Norton Antivirus.
Microsoft has released a patch for the Authentication Flaw in Windows Debugger can Lead to Elevated Privileges issue
Newnham women's college, Cambridge, has banned Microsoft Outlook and Outlook Express because it is tired of cleaning up after virus attacks.
Read more
Read more
McAfee Virus definitions has been updated to version 4204.
Symantec has released a new virus definitions update for Norton Antivirus. Thanks Lee.
A new worm that targets Microsoft's SQL Server database management software has inundated networks with thousands of scans for vulnerable servers, system administrators said Tuesday.
Read more
Read more
MooSoft has released a new trojan definitions update for The Cleaner
MooSoft has posted an update for TCActive!
MooSoft has released a new trojan definitions datebase update for The Cleaner
The patch, which was released late Wednesday, is designed to fix a cross-site scripting problem and other security and privacy flaws affecting Internet Explorer (IE) versions 5.01 through 6 and the Outlook e-mail client.
However, the patch only fixes the cross-site scripting issue on one of the listed browsers, according to two security researchers who sent e-mail to the Bugtraq security e-mail list after the patch's release.
Read more
However, the patch only fixes the cross-site scripting issue on one of the listed browsers, according to two security researchers who sent e-mail to the Bugtraq security e-mail list after the patch's release.
Read more
Symantec has released a new virus definitions update for Norton Antivirus.
McAfee Virus definitions has been updated to version 4203. Thanks Walter.
Microsoft has released a new Cumulative Patch for Internet Explorer
MooSoft has posted a new trojan definitions update for The Cleaner
Symantec has released a new virus definitions update for Norton Antivirus.
McAfee Virus definitions has been updated to version 4202
Microsoft has released a security patch for MSN Chat, MSN Messenger, and Exchange Instant Messenger