Reported May 29, 2002, by Microsoft.



· Microsoft Exchange 2000 Server



A Denial of Service (DoS) condition exists in Exchange 2000. The vulnerability stems from the way Exchange 2000 handles certain malformed Request for Comments (RFC) message attributes on received mail. An attacker can use these malformed messages to cause the Store service to consume 100 percent of CPU resources until the mail message is processed. Because the Exchange server would still have to process the malformed message afterward, rebooting the server or restarting the service has no effect on the amount of CPU resources consumed.


The vendor, Microsoft, has released Security Bulletin MS02-025 to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.


Discovered by Mr. Allendoerfer, Mr. Koenig, Mr. Kraemer, Mr. Schaal and Mr. Tacke of the Computing Center, Johannes Gutenberg University, Mainz, Germany.