Tech Alert Briefing for 5/31/2002

Microsoft Issues Critical Warning Regarding Exchange Server

The latest vulnerability affecting Microsoft software impacts itsExchange 2000 email server.Malformed messages created usingcommon SMTP email programs can cause the CPU of the exchange serverreceiving the message to exceed its peak capacity as it attempts to readthe message. The results are similar to a denial-of-service attack,with the affected server unable to do anything until itfinishes processing the message.

Microsoft assigned this newly discovered flaw a "critical" ratingbecause once the attack starts, it can't be stopped, even if theExchange server is restarted or the server rebooted.

Microsoft urged system administrators to promptly patch anyExchange 2000 servers.

The patch is available at:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-025.asp

If your institution runs Microsoft Exchange server please route this advisory to the appropriate person.

Previous Tech Alerts:
05/22/02 Microsoft SQL Spida Worm Slows Network Traffic
05/15/02 Virus Hoax 'JDBGMGR.EXE' Spreading Rapidly Thoughout Net
04/25/02 Klez Worm Reels in Banks with its Bait
04/11/02 Ten New Vulnerabilities Discovered in Microsoft IIS Server
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed