Date: 16 October 2003
References: ESB-2004.0270
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
A U S C E R T A L E R T
AL-2003.21 -- AUSCERT ALERT
Vulnerability in Exchange Server Could Allow
Arbitrary Code Execution(829436)
Microsoft Security Bulletin MS03-046
16 October 2003
===========================================================================
AusCERT Alert Summary
---------------------
Product: Microsoft Exchange Server 5.5, Service Pack 4
Microsoft Exchange 2000 Server, Service Pack 3
Publisher: Microsoft
Operating System: Windows
Impact: Administrator Compromise
Denial of Service
Access Required: Remote
CVE Names: CAN-2003-0714
Due to the severity of this vulnerability, AusCERT is release this
information as an AusCERT Alert. AusCERT will continue to monitor this
vulnerability and any changes in exploit activity. AusCERT members will
be updated as information becomes available.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: Vulnerability in Exchange Server Could Allow Arbitrary Code
Execution (829436)
Date: October 15, 2003
Software: Microsoft Exchange Server 5.5, Service Pack 4; Microsoft
Exchange 2000 Server, Service Pack 3
Impact: Remote Code Execution
Maximum Severity Rating: Critical
Bulletin: MS03-046
The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-046
What Is It?
The Microsoft Security Response Center has released Microsoft
Security Bulletin MS03-046 which concerns a vulnerability in the
versions of Microsoft Exchange Server listed above. Customers are
advised to review the information in the bulletin, test and deploy
the patch immediately in their environments, if applicable.
More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
If you have any questions regarding this alert please contact your
Technical Account Manager or Application Development Consultant.
- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBP42DcZoTaijrcixLEQJmVwCfR5PN8Ly6yp8CpwIdyxJwsDNmbkkAn0bq
xyrZT64cOAlUlR9crxoeJNxW
=R0hA
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
This alert is provided as a service to AusCERT's members. As AusCERT did
not write the document quoted above, AusCERT has had no control over its
content. The decision to follow or act on information or advice contained in
this security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.
NOTE: This is only the original release of the alert. It may not be
updated when updates to the original are made. If downloading at a later
date, it is recommended that the alert is retrieved directly from the
author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the alert above. If you have any questions or need further information,
please contact them directly.
Previous advisories, alerts and external security bulletins can be
retrieved from:
http://www.auscert.org.au/render.html?cid=1977
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call after hours
for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBP422lyh9+71yA2DNAQHOZwQAhkhuiia2I0YaJiA2dpke/gr5bF/Uat+r
FhkqbfuMZ3731YiWiqQxZO/wWaysfURxIFoexsvNlc/fYktZ4WcEKyfC/saRmJJS
+6XgAjCRuB6UDxlfsjTYmRfWqxUboYBD02sb+tqbAjuCUKge904GEeJcwE5ydhKF
4BFOzIJAliY=
=eNLe
-----END PGP SIGNATURE-----
|