'Critical' Exploit Detected in Exchange 2000
Microsoft issues a patch for bugs within Microsoft Exchange 2000 e-mail servers that could cause denial of service attacks.
In its latest security bulletin, Microsoft said researchers from the Johannes Gutenberg University in Mainz, Germany detected a denial of service exploit with Exchange 2000 that could cause an attacker to overload the CPU storage space on an e-mail server.
Microsoft said the flaw was found in the way Exchange 2000 handled certain malformed RFC message attributes on received mail. "Upon receiving a message containing such a malformation, the flaw causes the Store service to consume 100% of the available CPU in processing the message," Microsoft explained.
It said the vulnerability results because it is possible for an attacker to seek to exploit this flaw and mount a denial-of-service attack.
Even though Microsoft described the vulnerability as "critical," it said the effect of an attack would only be temporary. "Once the server completed processing the message, normal operations would resume. However, it is not possible to halt the processing of the message once begun, even with a reboot," the company said. The vulnerability would not compromise data on the server or gain administrative control over it.
"Mounting a successful attack requires the ability to pass a hand-crafted message to the target system, most likely through a simulated server-based connection. It is not possible to craft a malformed message using an email client such as Outlook or Outlook Express," Microsoft added.
This article was first published on InternetNews, an internet.com site.