Microsoft issues spam patch for Windows 2000
Microsoft Corp. issued a security bulletin late last week warning of a hole in the Windows 2000 operating system that allows intruders to relay spam e-mail from a remote PC.
The Redmond, Washington, software maker acknowledged the vulnerability, which was discovered in the Windows 2000 Simple Mail Transfer Protocol (SMTP) service, a standard protocol used for sending and receiving e-mail. The company issued a patch for the hole, available for download from its Web site, and said it would be included in the Windows 2000 Service Pack 3.
Microsoft said the vulnerability could allow an unauthorized user to successfully authenticate to the SMTP service using false credentials, and gain user-level privileges. The most likely reason for exploiting the vulnerability, the company noted, would be to send unidentifiable bulk mail.
"This vulnerability results because of an authentication error in the Windows 2000 SMTP service that installs by default as part of Windows 2000 Server products and optionally on Windows 2000 Professional," Microsoft said in the bulletin. "Download (the patch) now to prevent a malicious user from using your computer for mail relaying."
PCs that are members of a domain or run on Microsoft's Exchange 2000 Server are not affected by the vulnerability, Microsoft said. Customers who use SMTP services on their machines should apply the patch. Those who don't should disable the service, the company said.
Microsoft, is available at +1-425-882-8080. The security bulletin is available online at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-037.asp/.
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
