
Authentication Error in SMTP Service Could Allow Mail Relaying


The information in this article applies to:
  • Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Professional
  • Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Server
  • Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Advanced Server


SYMPTOMS

A vulnerability exists in the Windows 2000 SMTP service that could enable an unauthorized user to conduct mail relaying by using a Windows 2000 server. This could enable an attacker to disguise the origination point of an e-mail message, or co-opt a server's resources for mass mailings. The vulnerability is subject to the following constraints:

  • It would only affect servers that are running the native Windows 2000 Mail service. Mail servers that are running Microsoft Exchange (even on Windows 2000) would not be affected.

  • Even a computer that has the native Windows 2000 Mail service installed would only be affected if it were configured as a stand-alone computer rather than a member of a domain.

  • Proper use of a firewall could prevent Internet users from exploiting the vulnerability.


CAUSE

This vulnerability results from an authentication error in the SMTP service that installs as part of Microsoft Internet Information Services (IIS). If the server is a stand-alone computer rather than a domain member, it could be possible for an unauthorized user to authenticate to the computer and use it for mail relaying.


RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems that are determined to be at risk of attack. Please evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. Please see the associated Microsoft Security Bulletin to help make this determination. This fix may receive additional testing at a later time, to further ensure product quality. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next Windows 2000 service pack that contains this fix.

To resolve this problem immediately, download the fix as instructed below or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://support.microsoft.com/directory/overview.asp

NOTE: In special cases, charges that are normally incurred for support calls may be canceled, if a Microsoft Support Professional determines that a specific update will resolve your problem. Normal support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following file is available for download from the Microsoft Download Center:
English (US):
Download Q302755_w2k_sp3_x86_en.exe now

German:
Download Q302755_w2k_sp3_x86_de.exe now

Release Date: July 5, 2001

For additional information about how to download Microsoft Support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services

Microsoft used the most current virus detection software available on the date of posting to scan this file for viruses. Once posted, the file is housed on secure servers that prevent any unauthorized changes to the file.

The English version of this fix should have the following file attributes or later:
   Date          Time   Version        Size     File name
   --------------------------------------------------------
   25-June-2001  23:13  5.0.2195.3712  320,784  Aqueue.dll
   25-June-2001  23:13  5.0.2195.3712   66,832  Mailmsg.dll
   25-June-2001  23:13  5.0.2195.3649   38,160  Ntfsdrv.dll
   25-June-2001  23:13  5.0.2195.3779  434,448  Smtpsvc.dll 
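
One way to check a server against the file table above, as an added example that is not part of the original article or any Microsoft tool. It assumes the installed file versions have already been collected as text in the same column layout as the table; the function names and the sample inventory are constructed for illustration.

```python
import re

# File table as published in this article (English version of the fix).
KB_TABLE = """\
25-June-2001  23:13  5.0.2195.3712  320,784  Aqueue.dll
25-June-2001  23:13  5.0.2195.3712   66,832  Mailmsg.dll
25-June-2001  23:13  5.0.2195.3649   38,160  Ntfsdrv.dll
25-June-2001  23:13  5.0.2195.3779  434,448  Smtpsvc.dll
"""

# Columns: date, time, four-part version, size with thousands commas, file name.
ROW = re.compile(r"^\s*\S+\s+\d{1,2}:\d{2}\s+(\d+(?:\.\d+){3})\s+[\d,]+\s+(\S+)\s*$")

def parse_version(text):
    """Turn '5.0.2195.3712' into (5, 0, 2195, 3712) so parts compare as numbers."""
    return tuple(int(part) for part in text.split("."))

def parse_table(table):
    """Return {lowercase file name: version tuple} for every data row."""
    found = {}
    for line in table.splitlines():
        m = ROW.match(line)
        if m:
            found[m.group(2).lower()] = parse_version(m.group(1))
    return found

def audit(installed, required=None):
    """Classify each file named by the fix as 'ok', 'outdated' or 'missing'."""
    required = required or parse_table(KB_TABLE)
    report = {}
    for name, minimum in required.items():
        have = installed.get(name)
        if have is None:
            report[name] = "missing"  # not collected, or component not installed
        else:
            report[name] = "ok" if have >= minimum else "outdated"
    return report

# Constructed inventory for a hypothetical server (not real measurements).
SAMPLE_INVENTORY = """\
25-June-2001  23:13  5.0.2195.3712  320,784  AQUEUE.DLL
04-May-2001   12:05  5.0.2195.2966   66,832  mailmsg.dll
10-Aug-2001   09:30  5.0.2195.10000 434,448  smtpsvc.dll
"""

if __name__ == "__main__":
    for name, status in audit(parse_table(SAMPLE_INVENTORY)).items():
        print(f"{name:12} {status}")
```

Comparing the versions as integer tuples matters for the "or later" rule: a plain string comparison would rank build 10000 below build 3779.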


STATUS

Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft Windows 2000.


MORE INFORMATION

For more information about this vulnerability, please see the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms01-037.asp

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:
Q265173 Datacenter Program and Windows 2000 Datacenter Server Product

For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:
Q296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
Q249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes



Last Reviewed: July 6, 2001
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.


Article ID: Q302755


Provided by
Microsoft Product Support Services

