Win2K becomes a spam relay
PrintSMTP authentication out of control
Posted in Software, 6th July 2001 08:11 GMT
Free whitepaper – Ensuring high service levels in cloud computing
A flaw in the Win-2K SMTP (Simple Mail Transfer Protocol) authentication scheme allows unauthorized users to access the system using bogus credentials and bounce spam and death threats off unwitting users' machines with impunity.
"An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server," an MS security bulletin explains.
SMTP service is installed by default on Win2K server, and can be enabled by choice on Win-2K Pro. The vulnerability affects only stand-alone machines. W2K machines configured as domain members are not affected. The SMTP services in NT 4.0, Exchange 5.5 and Exchange 2K are also not affected.
Technical details are quite sketchy at the moment, but MS says they will post additional information by way of Knowledge Base article Q302755 within 24 hours. It was not available at press time. ®
Analyst Keynote: The Register Agile Data Center Summit
Market Primer: ERP Systems
SharePoint Server 2007 Server Farm Use Case
The Register Agile Data Center Summit
Buyer's Guide: ERP Systems
Windows 7 - Microsoft minus the martyrdom
Open sourcers aim selves at US gov
Google, Microsoft, and Amazon - the cloud dating game
Microsoft's Silverlight 4 - Flash developers need not apply