dcsimg

'Critical' Exploit Detected in Exchange 2000

By Ryan Naraine (Send Email)
Posted May 30, 2002


A team of German researchers has found a flaw that could cause severe overload on Microsoft Exchange 2000 e-mail servers and the software giant Thursday issued a patch to plug the exploit.

In its latest security bulletin, Microsoft said researchers from the Johannes Gutenberg University in Mainz, Germany detected a denial of service exploit with Exchange 2000 that could cause an attacker to overload the CPU storage space on an e-mail server. Microsoft issues a patch for bugs within Microsoft Exchange 2000 e-mail servers that could cause denial of service attacks.

Microsoft said the flaw was found in the way Exchange 2000 handled certain malformed RFC message attributes on received mail. "Upon receiving a message containing such a malformation, the flaw causes the Store service to consume 100% of the available CPU in processing the message," Microsoft explained.

It said the vulnerability results because it is possible for an attacker to seek to exploit this flaw and mount a denial-of-service attack.

"An attacker could attempt to levy an attack by connecting directly to the Exchange server and passing a raw, hand-crafted mail message with a specially malformed attribute. When the message was received and processed by the Store service, the CPU would spike to 100%. The effects of the attack would last as long as it took for the Exchange Store service to process the message. Neither restarting the service nor rebooting the server would remedy the denial of service," the company warned.

Even though Microsoft described the vulnerability as "critical," it said the effect of an attack would only be temporary. "Once the server completed processing the message, normal operations would resume. However, it is not possible to halt the processing of the message once begun, even with a reboot," the company said. The vulnerability would not compromise data on the server or gain administrative control over it.

"Mounting a successful attack requires the ability to pass a hand-crafted message to the target system, most likely through a simulated server-based connection. It is not possible to craft a malformed message using an email client such as Outlook or Outlook Express," Microsoft added.

This article was first published on InternetNews, an internet.com site.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.