Microsoft Windows SMTP Service Authorization Bypass Vulnerability

Microsoft Windows SMTP Service Authorization Bypass Vulnerability

Solution:
Microsoft has released fixes which address this issue. The fix for Microsoft Windows 2000 will be incorporated in Service Pack 3.

Microsoft has released an updated advisory MS02-011 dealing with this issue. The updated advisory contains fixes for the Exchange Server. Please see the referenced updated advisory for more information and details on obtaining fixes.

Microsoft Exchange Server 5.0 SP2

Microsoft Security Update for Exchange 5.0 (KB834130)
http://www.microsoft.com/downloads/details.aspx?FamilyId=164610A4-AAFC -40AC-85CA-349DBDBE1731&displaylang=en

Microsoft Windows 2000 Server SP2

Microsoft Q313450_W2K_SP3_X86_EN.exe
This fix may only be applied to Microsoft Windows 2000 systems running Service Pack 2.
http://download.microsoft.com/download/win2000platform/Patch/Q313450/N T5/EN-US/Q313450_W2K_SP3_X86_EN.exe

Microsoft Windows 2000 Advanced Server SP2

Microsoft Q313450_W2K_SP3_X86_EN.exe
This fix may only be applied to Microsoft Windows 2000 systems running Service Pack 2.
http://download.microsoft.com/download/win2000platform/Patch/Q313450/N T5/EN-US/Q313450_W2K_SP3_X86_EN.exe

Microsoft Exchange Server 5.5 SP4

Microsoft Q289258engi386.EXE
This fix may be applied to systems running Microsoft Exchange Server 5.5 Service Pack 4.
http://download.microsoft.com/download/exch55/Patch/05.05.55.2655/NT45 /EN-US/Q289258engi386.EXE

Microsoft Windows 2000 Professional SP2

Microsoft Q313450_W2K_SP3_X86_EN.exe
This fix may only be applied to Microsoft Windows 2000 systems running Service Pack 2.
http://download.microsoft.com/download/win2000platform/Patch/Q313450/N T5/EN-US/Q313450_W2K_SP3_X86_EN.exe