Another day, another security problem for Microsoft: This time around, it's Exchange Server 5.0/5.5 that's in trouble. The bug, which Microsoft dubs "Potential SMTP and NNTP Denial-of-Service Vulnerabilities in Exchange Server," allows a malicious user to shut down the Exchange Server, causing it to stop sending and receiving Email. The bug was found by Internet Security Systems, which alerted Microsoft.
"As more companies use BackOffice as a critical component of network and enabling E-commerce, Exchange becomes a more important application to understand from a security standpoint," said Chris Klaus, the CTO of Internet Security Systems. "I think we'll continue to find more flaws in the near term and long term within these applications."
Microsoft has issued a security bulletin about the problem on its Security Web site. A hot-fix is available now from their FTP site.
This week has been a tough one for Microsoft when it comes to security problems. Earlier, a bug in its Outlook 98 and Outlook Express email clients forced Microsoft to issue patches for those programs as well. And Christopher A. Snyder forwarded information about a great article from NTBugTraq that discusses these recent security problems. It's definitely worth checking out
