[Am-info] Windows SMTP Service Invalid Timestamp Denial of Service
Roy Bixler
rcb@bix.org
Wed, 16 Jul 2003 18:47:51 -0500
On Wed, Jul 16, 2003 at 06:57:55PM -0400, Fred A. Miller wrote:
<snip>
> DESCRIPTION:
> A vulnerability has been identified in Windows 2000 Server and
> Exchange Server 2000, which can be exploited by malicious people to
> cause a DoS (Denial of Service) on the SMTP service.
<snip>
> SOLUTION:
> Apply Windows 2000 Service Pack 4:
> http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp
>
> NOTE: This Service Pack also addresses multiple other issues. For a
> list of security fixes see:
> http://support.microsoft.com/default.aspx?kbid=821665
Yes, it may address "multiple other issues", but W2K SP4 itself has
issues. It is being likened to NT4 SP6, which notably broke some 3rd
party apps. See "http://www.w2knews.com/anecdotes.htm". I believe
what they say in the first paragraph:
The main thing I am emphasizing is that you need to TEST, TEST,
and TEST in a non-production environment FIRST.
is sage advice when applying omnibus fixes of this sort.
Regards,
R.