PT-2010-1849 · Microsoft · Windows Server 2003+5

Published: 2010-04-14 · Updated: 2020-04-09 · CVE-2010-0024

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Windows 2000 version SP4
Microsoft Windows XP versions SP2 through SP3
Microsoft Windows Server 2003 version SP2
Microsoft Windows Server 2008 versions Gold through SP2 and R2
Microsoft Exchange Server 2003 version SP2

Description

A denial of service issue exists due to improper parsing of MX records by the SMTP component, allowing remote DNS servers to cause a service outage via a crafted response to a DNS MX record query. The vulnerability can be exploited without authentication by sending a specially crafted network message to a computer running the SMTP service, causing the SMTP service to stop responding until restarted.

Recommendations

Update the SMTP component to prevent the vulnerability on each affected product:

Microsoft Windows 2000 SP4
Microsoft Windows XP SP2 and SP3
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2008 Gold, SP2, and R2
Microsoft Exchange Server 2003 SP2

As a temporary workaround, consider restarting the SMTP service after a denial of service incident to restore functionality.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-0024

Affected Products

Exchange Server
Exchange Server 2003
Windows 2000
Windows Server 2003
Windows Server 2008
Windows XP