Microsoft Security Advisory MS04-035 - An attacker who successfully exploited an SMTP vulnerability in Windows could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
d8b5ce3d9d0907ec2f21a418dfbac6121cbc95e4bfb24a5d3200f76f086def7c
<h1>Microsoft Security Bulletin MS04-035</h1><h2 class="subtitle">Vulnerability in SMTP Could Allow Remote Code Execution (885881)</h2><div style="height: 18px"></div><p><b>Issued:</b> October 12, 2004<br><b>Version:</b> 1.0</p><a name="ESAA"></a><h3>Summary</h3><div id="sl1-ESAA"><p><b>Who should read this document: </b>System administrators who use Microsoft Exchange Server 2003, Windows XP 64-Bit Edition Version 2003, or Windows Server 2003</p><p><b>Impact of Vulnerability: </b>Remote Code Execution</p><p><b>Maximum Severity Rating: </b>Critical</p><p><b>Recommendation: </b>Customers should apply the update immediately.</p><p><b>Security Update Replacement: </b>None</p><p><b>Caveats: </b>None</p><p><b>Tested Software and Security Update Download Locations:</b></p><p><b>Affected Software: </b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP 64-Bit Edition Version 2003 – <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=b53e890d-7d6a-4bb4-8e28-15d661014288">Download the update (KB885881)</a></p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows Server 2003 – <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=d7767455-1ca0-49ea-8f71-76da5d451a07">Download the update (KB885881)</a></p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows Server 2003 64-Bit Edition – <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=b53e890d-7d6a-4bb4-8e28-15d661014288">Download the update (KB885881)</a></p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003 Service Pack 1 when installed on Microsoft Windows Server 2003 (uses the Windows 2003 SMTP component)</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 2003 when installed on Microsoft Windows 2000 Service Pack 3 or Microsoft Windows 2000 Service Pack 4 – <a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=313BEC77-0845-46D4-BB43-06C792ADB2EA">Download the update (KB885882)</a></p></td></tr></table><p><b>Non-Affected Software:</b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows NT Server 4.0 Service Pack 6a</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows 2000 Service Pack 3 or Microsoft Windows 2000 Service Pack 4</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP 64-Bit Edition Service Pack 1</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 5.0 Service Pack 2</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 5.5 Service Pack 4</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange 2000 Server Service Pack 3</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 2003 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 3 or Microsoft Windows 2000 Service Pack 4</p></td></tr></table><p><b>Tested Microsoft Windows and Exchange components:</b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows NT Server 4.0 Service Pack 6a SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows 2000 Service Pack 3 STMP component and Microsoft Windows 2000 Service Pack 4 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP SMTP component, Microsoft Windows XP Service Pack 1 SMTP component, and Microsoft Windows XP Service Pack 2 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP 64-Bit Edition Service Pack 1 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP 64-Bit Edition Version 2003 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows Server 2003 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows Server 2003 64-Bit Edition SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 2003 Routing Engine component</p></td></tr></table><p><b>Affected components:</b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows XP 64-Bit Edition Version 2003 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows Server 2003 SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Windows Server 2003 64-Bit Edition SMTP component</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Microsoft Exchange Server 2003 Routing Engine component</p></td></tr></table><p>The software in this list has been tested to determine if the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support lifecycle for your product and version, visit the following <a href="http://go.microsoft.com/fwlink/?LinkId=21742">Microsoft Support Lifecycle Web site</a>.</p><div style="margin-top: 3px; margin-bottom: 10px"><a href="#ESAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#ESAA">Top of section</a></div></div><h2 class="extra">General Information</h2><div class="expandoIndent" style="margin-bottom:15px;"><a name="EDRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:6px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l1-EDRAA\')"><img width="9" height="9" border="0" id="is3l1-EDRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l1-EDRAA\')"><img width="9" height="9" border="0" id="is3l1-EDRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l1-EDRAA\')" style="text-decoration:none;">');
</script><h3>Executive Summary</h3><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l1-EDRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l1-EDRAA'); }
</script><div class="expandoIndent"><p><b>Executive Summary:</b></p><p>This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Simple Mail Transfer Protocol (SMTP) component that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin.</p><p>An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.</p><p>We recommend that customers apply the update immediately.</p><p><b>Severity Ratings and Vulnerability Identifiers:</b></p><table cellspacing="0" class="dataTable" id="EBDRAA" cellpadding="0"><thead><tr valign="top" class="stdHeader"><td id="colEFBBDRAA">Vulnerability Identifiers</td><td id="colEEBBDRAA">Impact of Vulnerability</td><td id="colEDBBDRAA">Exchange Server 2003</td><td id="colECBBDRAA">Windows Server 2003</td><td id="colEBBBDRAA">Windows Server 2003 64-Bit Edition</td><td id="colEABBDRAA" style="border-right: solid 1px #CCCCCC">Windows XP 64-Bit Edition Version 2003</td></tr></thead><tbody><tr valign="top" class="record"><td><p class="lastInCell">SMTP Vulnerability - <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0840">CAN-2004-0840</a></p></td><td><p class="lastInCell">Remote Code Execution<br></p></td><td><p class="lastInCell">Critical</p></td><td><p class="lastInCell">Important</p></td><td><p class="lastInCell">Important</p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell">Important<br></p></td></tr></tbody></table><div class="dataTableBottomMargin"></div><p>This <a href="http://go.microsoft.com/fwlink/?LinkId=21140">assessment</a> is based on the types of systems that are affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.</p></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EDRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EDRAA">Top of section</a></div></div><a name="ECRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:6px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l1-ECRAA\')"><img width="9" height="9" border="0" id="is3l1-ECRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l1-ECRAA\')"><img width="9" height="9" border="0" id="is3l1-ECRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l1-ECRAA\')" style="text-decoration:none;">');
</script><h3>Frequently asked questions (FAQ) related to this security update</h3><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l1-ECRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l1-ECRAA'); }
</script><div class="expandoIndent"><p><b>Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine if this update is required?</b><br>MBSA will determine if the update for this vulnerability is required for Microsoft Windows Server 2003 or Microsoft Exchange Server 2003. For detailed information about the programs that MBSA currently does not detect, see Microsoft Knowledge Base Article <a href="http://support.microsoft.com/?id=306460">306460</a>. For more information about MBSA, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21134">MBSA Web site</a>.</p><p><b>Note</b> After April 20, 2004, the Mssecure.xml file that is used by MBSA 1.1.1 and earlier versions is no longer being updated with new security bulletin data. Therefore, scans that are performed after that date with MBSA 1.1.1 or earlier will be incomplete. All users should upgrade to MBSA 1.2 because it provides more accurate security update detection and supports additional products. Users can download MBSA 1.2 from the <a href="http://go.microsoft.com/fwlink/?LinkId=21134">MBSA Web site</a>. For more information about MBSA support, visit the following <a href="http://go.microsoft.com/fwlink/?LinkId=33332">Microsoft Baseline Security Analyzer 1.2 Q&A Web site</a>.</p><p><b>Can I use Systems Management Server (SMS) to determine if this update is required?</b><br>Yes. SMS can help detect and deploy this security update. For information about SMS, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21158">SMS Web site</a>.</p><p><b>Note</b> SMS may target update 885882 to systems using Exchange Server 2003 on Windows Server 2003 that has not yet been updated with Exchange Server 2003 Service Pack 1. While these systems do not need this update, installing this update on these systems is fully supported and not expected to cause any issues. For more information see the FAQ “Why are there updates for both Windows Server 2003 and Exchange Server 2003” and "Is it possible to install the Exchange Routing Engine component update (KB885882) on Windows Server 2003-based systems?".</p></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#ECRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#ECRAA">Top of section</a></div></div><a name="EBRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:6px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l1-EBRAA\')"><img width="9" height="9" border="0" id="is3l1-EBRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l1-EBRAA\')"><img width="9" height="9" border="0" id="is3l1-EBRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l1-EBRAA\')" style="text-decoration:none;">');
</script><h3>Vulnerability Details</h3><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l1-EBRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l1-EBRAA'); }
</script><div class="expandoIndent"><a name="EABRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:2px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l2-EABRAA\')"><img width="9" height="9" border="0" id="is3l2-EABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l2-EABRAA\')"><img width="9" height="9" border="0" id="is3l2-EABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l2-EABRAA\')" style="text-decoration:none;">');
</script><h4>SMTP Vulnerability - CAN-2004-0840:</h4><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l2-EABRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l2-EABRAA'); }
</script><div class="expandoIndent"><p>A remote code execution vulnerability exists in the Windows Server 2003 SMTP component because of the way that it handles Domain Name System (DNS) lookups. An attacker could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.</p><a name="ECABRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:2px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l3-ECABRAA\')"><img width="9" height="9" border="0" id="is3l3-ECABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l3-ECABRAA\')"><img width="9" height="9" border="0" id="is3l3-ECABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l3-ECABRAA\')" style="text-decoration:none;">');
</script><h5>Mitigating Factors for SMTP Vulnerability - CAN-2004-0840:</h5><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l3-ECABRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l3-ECABRAA'); }
</script><div class="expandoIndent"><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 64-Bit Edition, or Windows XP 64-Bit Edition Version 2003.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>By default, the SMTP component is not installed when Internet Information Services (IIS) 6.0 is installed.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Windows NT Server 4.0, Windows 2000, Windows XP, Windows XP 64-Bit Edition, Exchange Server 5.0, Exchange Server 5.5, and Exchange 2000 Server are not affected by this vulnerability.</p></td></tr></table></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#ECABRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#ECABRAA">Top of section</a></div></div><a name="EBABRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:2px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l3-EBABRAA\')"><img width="9" height="9" border="0" id="is3l3-EBABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l3-EBABRAA\')"><img width="9" height="9" border="0" id="is3l3-EBABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l3-EBABRAA\')" style="text-decoration:none;">');
</script><h5>Workarounds for SMTP Vulnerability - CAN-2004-0840:</h5><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l3-EBABRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l3-EBABRAA'); }
</script><div class="expandoIndent"><p>Microsoft has tested the following workaround. This workaround will not correct the underlying vulnerability but will help block known attack vectors. Workarounds may cause a reduction in functionality in some cases - in such situations this is identified below.</p><p><b>Use a firewall to block incoming TCP protocol network traffic on port 53 </b><b>for Windows Server 2003 systems using the SMTP component, regardless of if Exchange is installed.</b><br>Use a firewall to block TCP protocol network traffic on port 53. Do not block UDP traffic on port 53 or the server will be unable to make any DNS queries to resolve domain names.</p><p><b>Impact of Workaround:</b> Port 53 is used for DNS queries and responses. By blocking the TCP protocol on port 53, all DNS name resolution must be done through the UDP protocol. Large DNS responses sent through TCP can be split between multiple packets, while responses sent through UDP must fit within a single UDP packet. This means that if you rely only on UDP for DNS name resolution, you may be unable communicate with domains that return more IP addresses than can fit in a single UDP packet. Typically, each entry in a DNS response requires 16 bytes. Therefore, a single UDP response packet can contain approximately 30 IP addresses.</p><p><b>Note</b> It is possible to minimize potential disruptions of DNS name resolution by implementing a metabase key. For detailed information about this, see Microsoft Knowledge Base Article <a href="http://support.microsoft.com/?id=820284">820284</a>.<br>Setting the metabase key will allow SMTP to use partial UDP name resolution responses to route mail. It will not prevent TCP responses from being sent to the server, and setting the metabase key is not a substitute for blocking TCP on port 53. This metabase key affects only SMTP, and it will not affect the name resolution behavior of other services and applications.</p><p><b>Block TCP protocol network traffic on Windows Server 2000 Service Pack 3 or Service Pack 4 systems with </b><b>Microsoft Exchange Server 2003 with no service pack installed.</b><br>If you have defined External DNS Servers, you can block TCP protocol network traffic on port 53 between the Exchange server and all external DNS servers. Follow these steps to check if External DNS Servers have been configured on your Exchange server:</p><p>Start the <b>Exchange System Manager</b> and for each server:</p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Expand the <b>Protocols</b> container.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Expand the <b>SMTP</b> container.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>For each SMTP virtual server:</p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Open the <b>SMTP virtual server</b> Properties.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Select the <b>Delivery</b> tab.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Click the <b>Advanced</b> button.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Click the <b>Configure</b> button.</p></td></tr></table><p>Block TCP traffic on port 53 between any external DNS servers listed and the Exchange server. If there are no external DNS servers listed, you do not have to take any action. However, Microsoft strongly recommends that you apply the security update or service pack for Exchange 2003 so that you will protected if the configuration of your server changes in the future.</p></td></tr></table><p><b>Impact of Workaround:</b> This workaround will affect only SMTP traffic on the Exchange system. It will not affect name resolution by other applications and services. The external DNS servers configured in Exchange System Manager are used only by the SMTP and Exchange Routing services. With TCP traffic from these servers blocked on port 53, Exchange will automatically use partial UDP name resolution responses to route mail. There is no need to set a metabase key as described above for Windows Server 2003 in order for SMTP to take advantage of partial responses. It is possible that some mail will still be unable to be delivered. This will happen only if a valid email server IP address is not found in a partial UDP response.</p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Do not block both TCP and UDP for port 53. Doing so will cause all DNS name resolution to fail on the server.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>If your server hosts applications that are configured to use only TCP for DNS responses, then this workaround will cause those applications to be unable to resolve domain names to IP addresses.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>If your server is used primarily as an SMTP-based email server or Exchange server, messages addressed to domains that return large DNS responses may not be processed or delivered.</p></td></tr></table></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EBABRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EBABRAA">Top of section</a></div></div><a name="EAABRAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:2px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l3-EAABRAA\')"><img width="9" height="9" border="0" id="is3l3-EAABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l3-EAABRAA\')"><img width="9" height="9" border="0" id="is3l3-EAABRAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l3-EAABRAA\')" style="text-decoration:none;">');
</script><h5>FAQ for SMTP Vulnerability - CAN-2004-0840:</h5><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l3-EAABRAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l3-EAABRAA'); }
</script><div class="expandoIndent"><p><b>What is the scope of the vulnerability?</b><br>A remote code execution vulnerability exists in the Windows Server 2003 SMTP component because of the way that it handles DNS lookups. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The vulnerability also exists in Microsoft Exchange Server 2003 when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4.</p><p><b>What causes the vulnerability?</b><br>An unchecked buffer in the Windows SMTP component and in the Exchange Routing Engine component.</p><p><b>What is SMTP?</b><br>Simple Mail Transfer Protocol (SMTP) is an industry standard for delivering e-mail messages over the Internet, as defined in <a href="http://www.ietf.org/rfc/rfc2821.txt?number=2821">RFC 2821</a> and in <a href="http://www.ietf.org/rfc/rfc2821.txt?number=2822">RFC 2822</a>. The protocol defines the format of e-mail messages, the fields that are in e-mail messages, the contents of e-mail messages, and the handling procedures for e-mail messages.</p><p><b>What is the Exchange Routing Engine component?</b><br>The Exchange Routing Engine component is part of the Exchange Routing Engine Service. The Exchange Routing Engine Service implements the Routing Engine API and determines how e-mail messages are routed through an Exchange system.</p><p><b>Why are there updates for both Windows Server 2003 and Exchange Server 2003?</b><br>The reason that this issue is addressed in both products is that name resolution functionality that was previously available only in the Exchange Server 2003 Routing Engine component was added to the Windows Server 2003 SMTP component. This is why you should install the update for Windows Server SMTP component update (KB885881) on Windows Server 2003 regardless of whether you have Exchange Server 2003 installed.</p><p>The update for Microsoft Exchange Server 2003 when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4 (KB885882) addresses the issue that is described in this bulletin in the Exchange Server 2003 Routing Engine component.</p><p>On Windows 2000, you should install Exchange Server 2003 Routing Engine component update only if you are running Exchange Server 2003 and you have not yet installed Exchange Server 2003 Service Pack 1.</p><p>On Windows Server 2003, Exchange uses the Windows Server 2003 SMTP component and bypasses the Exchange Server 2003 Routing Engine component for certain name resolution functions. On Windows 2000 Server, Exchange uses the functionality its Exchange Routing Engine component because this functionality is not available in the Windows 2000 SMTP component.</p><table cellspacing="0" class="dataTable" id="EMAABRAA" cellpadding="0"><thead></thead><tbody><tr valign="top" class="record"><td><p class="lastInCell"><b>Windows and/or Exchange software</b></p></td><td><p class="lastInCell"><b>KB885881</b></p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell"><b>KB885882</b></p></td></tr><tr valign="top" class="evenRecord"><td><p class="lastInCell">Windows Server 2003</p></td><td><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=d7767455-1ca0-49ea-8f71-76da5d451a07">Important</a></p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell">Not Applicable</p></td></tr><tr valign="top" class="record"><td><p class="lastInCell">Windows Server 2003 64-Bit Edition</p></td><td><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=b53e890d-7d6a-4bb4-8e28-15d661014288">Important</a></p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell">Not Applicable</p></td></tr><tr valign="top" class="evenRecord"><td><p class="lastInCell">Windows XP 64-Bit Edition Version 2003</p></td><td><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=b53e890d-7d6a-4bb4-8e28-15d661014288">Important</a></p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell">Not Applicable</p></td></tr><tr valign="top" class="record"><td><p class="lastInCell">Exchange Server 2003 when installed on Windows Server 2003</p></td><td><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=d7767455-1ca0-49ea-8f71-76da5d451a07">Critical</a> <b>[1]</b></p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=d7767455-1ca0-49ea-8f71-76da5d451a07">None</a> <b>[2]</b></p></td></tr><tr valign="top" class="evenRecord"><td><p class="lastInCell">Exchange Server 2003 Service Pack 1 when installed on Windows Server 2003</p></td><td><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=d7767455-1ca0-49ea-8f71-76da5d451a07">Critical</a> <b>[1]</b></p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell">Not Applicable</p></td></tr><tr valign="top" class="record"><td><p class="lastInCell">Exchange Server 2003 when installed on Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4</p></td><td><p class="lastInCell">Not Applicable</p></td><td style="border-right: solid 1px #CCCCCC"><p class="lastInCell"><a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=313BEC77-0845-46D4-BB43-06C792ADB2EA">Critical</a></p></td></tr></tbody></table><div class="dataTableBottomMargin"></div><p><b>[1]</b> This is the Windows Server 2003 update.</p><p><b>[2]</b> This update can be installed on these systems but is not necessary to be protected from this vulnerability. See the next FAQ for more information.</p><p><b>Is it possible to install the Exchange Routing Engine component update (KB885882) on Windows Server 2003-based systems?</b><br>Yes.It is possible to install the Exchange Routing Engine component update on Windows Server 2003-based systems if you haveExchange Server 2003 installed, but you have not yet installed Exchange Server 2003 Service Pack 1. However, you may not want to because doing this does not help protect against this vulnerability on Windows Server 2003-based systems. It only helps protect against this vulnerability on Windows 2000-based systems. To help protect against this vulnerability on Windows Server 2003-based systems, you must install the Windows Server 2003 SMTP component update (KB885881).</p><p><b>What might an attacker use the vulnerability to do?</b><br>An attacker who successfully exploited this vulnerability could take complete control of the affected system or could cause the SMTP component, and other services that are hosted by Internet Information Services on the same system, to repeatedly fail.</p><p><b>Who could exploit the vulnerability?</b><br>On Exchange Server 2003, or on systems that use the Windows Server 2003 SMTP component, any anonymous user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability.</p><p><b>How could an attacker exploit the vulnerability?</b><br>An attacker could attempt to exploit the vulnerability by creating a specially crafted DNS response message and sending the message to an affected system, which could then cause the affected system to execute code.</p><p><b>What systems are primarily at risk from the vulnerability?</b><br>Systems using Windows 2000 are only vulnerable to this issue when they use Exchange Server 2003. When Exchange Server 2003 Service Pack 1 is installed, systems using Windows 2000 are no longer at risk from this vulnerability.</p><p>Systems using Windows Server 2003 are at risk from this vulnerability when they use the native SMTP component that is provided as part of the operating system, when they run Exchange Server 2003, or when they run Exchange Server 2003 Service Pack 1.</p><p><b>Is the Windows 2000 SMTP component affected?</b><br>No. The vulnerability does not affect the Windows 2000 SMTP component.</p><p><b>Could the vulnerability be exploited over the Internet? </b><br>Yes. An attacker may be able to exploit this vulnerability over the Internet.</p><p><b>What does the update do?</b><br>The update removes the vulnerability by modifying the way that the SMTP component validates the length of a message before it passes the message to the allocated buffer.</p><p><b>When this security bulletin was issued, had this vulnerability been publicly disclosed?</b><br>No. Microsoft had not received any information indicating that this vulnerability had been publicly disclosed when this security bulletin was originally issued.</p></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EAABRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EAABRAA">Top of section</a></div></div></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EABRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EABRAA">Top of section</a></div></div></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EBRAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EBRAA">Top of section</a></div></div><a name="EARAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:6px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l1-EARAA\')"><img width="9" height="9" border="0" id="is3l1-EARAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l1-EARAA\')"><img width="9" height="9" border="0" id="is3l1-EARAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l1-EARAA\')" style="text-decoration:none;">');
</script><h3>Security Update Information</h3><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l1-EARAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l1-EARAA'); }
</script><div class="expandoIndent"><p><b>Installation Platforms and Prerequisites:</b></p><p>For information about the specific security update for your platform, click the appropriate link:</p><a name="EBARAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:2px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l2-EBARAA\')"><img width="9" height="9" border="0" id="is3l2-EBARAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l2-EBARAA\')"><img width="9" height="9" border="0" id="is3l2-EBARAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l2-EBARAA\')" style="text-decoration:none;">');
</script><h4>Windows Server 2003 (all versions) and Windows XP 64-Bit Edition Version 2003</h4><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l2-EBARAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l2-EBARAA'); }
</script><div class="expandoIndent"><p><b>Note </b>For Windows XP 64-Bit Edition Version 2003, this security update is the same as the Windows Server 2003 64-Bit Edition security update.</p><p><b>Prerequisites</b><br>This security update requires a release version of Windows Server 2003 or the release version of Windows XP 64-Bit Edition Version 2003.</p><p><b>Inclusion in Future Service Packs:</b><br>The update for this issue will be included in Windows Server 2003 Service Pack 1.</p><p><b>Installation Information</b></p><p>This security update supports the following setup switches:</p><p> <b>/help </b>Displays the command line options</p><p><b>Setup Modes</b></p><p> <b>/quiet </b> <b> </b>Quiet mode (no user interaction or display)</p><p> <b>/passive</b> Unattended mode (progress bar only)</p><p><b> /uninstall</b> Uninstalls the package</p><p><b>Restart Options </b></p><p> <b>/norestart</b> Do not restart when installation is complete</p><p> <b>/forcerestart</b> Restart after installation</p><p><b>Special Options </b></p><p> <b>/l</b> Lists installed Windows hotfixes or update packages</p><p> <b>/o</b> Overwrite OEM files without prompting</p><p> <b>/n</b> Do not back up files needed for uninstall</p><p> <b>/f</b> Force other programs to close when the computer shuts down</p><p> <b>/extract</b> Extracts files without starting setup</p><p><b>Note </b>You can combine these switches into one command. For backward compatibility, the security update also supports the setup switches that the previous version of the setup utility uses. For more information about the supported installation switches, see Microsoft Knowledge Base Article about the supported installation switches, see Microsoft Knowledge Base Article <a href="http://support.microsoft.com/?id=262841">262841</a>.</p><p><b>Deployment Information</b></p><p>To install the security update without any user intervention, use the following command at a command prompt for Windows Server 2003:</p><p><b>Windowsserver2003-kb885881-x86-enu /passive /quiet</b></p><p>To install the security update without forcing the system to restart, use the following command at a command prompt for Windows Server 2003:</p><p><b>Windowsserver2003-kb885881-x86-enu /norestart</b></p><p>For information about how to deploy this security update with Software Update Services, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21125">Software Update Services Web site</a>.</p><p><b>Restart Requirement</b></p><p>You must restart your system after you apply this security update.</p><p><b>Removal Information</b></p><p>To remove this update, use the Add or Remove Programs tool in Control Panel.</p><p>System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$NTUninstallKB885881$\Spuninst folder. The Spuninst.exe utility supports the following setup switches:</p><p><b>/?</b>: Show the list of installation switches.</p><p><b>/u</b>: Use unattended mode.</p><p><b>/f</b>: Force other programs to quit when the computer shuts down.</p><p><b>/z</b>: Do not restart when the installation is complete.</p><p><b>/q</b>: Use Quiet mode (no user interaction).</p><p><b>File Information</b></p><p>The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the <b>Time Zone</b> tab in the Date and Time tool in Control Panel.</p><p>Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, and Windows Server 2003 Datacenter Edition:</p><pre class="codeSample">
Date Time Version Size File name Folder
----------------------------------------------------------------
15-Sep-2004 02:27 6.0.3790.211 456192 Smtpsvc.dll RTMGDR
15-Sep-2004 02:14 6.0.3790.211 460288 Smtpsvc.dll RTMQFE
</pre><p>Windows Server 2003 64-Bit Enterprise Edition and Windows Server 2003 64-Bit Datacenter Edition:</p><pre class="codeSample">
Date Time Version Size File name Platform Folder
--------------------------------------------------------------------------
15-Sep-2004 02:31 6.0.3790.211 1174528 Smtpsvc.dll IA-64 RTMGDR
15-Sep-2004 02:15 6.0.3790.211 1182208 Smtpsvc.dll IA-64 RTMQFE
</pre><p><b>Note </b>When you install this security update on Windows Server 2003 or on Windows XP 64-Bit Edition Version 2003, the installer checks to see if any of the files that are being updated on your system have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the RTMQFE files to your system. Otherwise, the installer copies the RTMGDR files to your system. For more information, see Microsoft Knowledge Base Article <a href="http://support.microsoft.com/?id=824994">824994</a>.</p><p><b>Verifying Update Installation </b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><b>Microsoft Baseline Security Analyzer</b></p><p>To verify that a security update is installed on an affected system, you may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool. This tool allows administrators to scan local and remote systems for missing security updates and for common security misconfigurations. For more information about MBSA, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21134">Microsoft Baseline Security Analyzer Web site</a>.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><b>File Version Verification</b></p><p><b>Note</b> Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.</p><table cellpadding="0" cellspacing="0" border="0" class="numberedList"><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>1.</p></td><td><p>Click <b>Start</b>, and then click <b>Search</b>.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>2.</p></td><td><p>In the <b>Search Results </b>pane, click <b>All files and folders</b> under <b>Search Companion</b>.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>3.</p></td><td><p>In the <b>All or part of the file name </b>box, type a file name from the appropriate file information table, and then click <b>Search</b>.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>4.</p></td><td><p>In the list of files, right-click a file name from the appropriate file information table, and then click <b>Properties</b>.</p><p><b>Note</b> Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>5.</p></td><td><p>On the <b>Version</b> tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.</p><p><b>Note</b> Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.</p></td></tr></table></td></tr></table><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><b>Registry Key Verification</b></p><p>You may also be able to verify the files that this security update has installed by reviewing the following registry key:</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP1\KB885881\Filelist</p><p><b>Note </b>This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly if an administrator or an OEM integrates or slipstreams the 885881 security update into the Windows installation source files.</p></td></tr></table></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EBARAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EBARAA">Top of section</a></div></div><a name="EAARAA"></a><table cellspacing="0" cellpadding="0" border="0"><tr><td style="padding:2px 6px 0px 0px;"><script type="text/javascript" language="javascript">
if(typeof(IsPrinterFriendly) == "undefined")
document.write('<a href="javascript:Toggle(\'s3l2-EAARAA\')"><img width="9" height="9" border="0" id="is3l2-EAARAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/plus.gif"></a>');
else
document.write('<a href="javascript:Toggle(\'s3l2-EAARAA\')"><img width="9" height="9" border="0" id="is3l2-EAARAA" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/minus.gif"></a>');
</script></td><td class="secLabel"><script type="text/javascript" language="javascript">
document.write('<a href="javascript:Toggle(\'s3l2-EAARAA\')" style="text-decoration:none;">');
</script><h4>Exchange Server 2003 when installed on Microsoft Windows 2000 Service Pack 3 or Microsoft Windows 2000 Service Pack 4</h4><script type="text/javascript" language="javascript">
document.write('</a>');
</script></td></tr></table><div id="s3l2-EAARAA"><script type="text/javascript" language="javascript">
if(document.getElementById && typeof(IsPrinterFriendly) == "undefined"){ Hide('s3l2-EAARAA'); }
</script><div class="expandoIndent"><p><b>Prerequisites</b><br>This security update requires a release version of Exchange Server 2003. This prerequisite applies only to systems where all the following conditions are true: </p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>The operating system is Windows Server 2000 Service Pack 3 or Windows Server 2000 Service Pack 4.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Exchange Server 2003 is installed.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Exchange Server 2003 Service Pack 1 is not installed.</p></td></tr></table><p><b>Inclusion in Future Service Packs:</b><br>The update for this issue is included in <a href="http://www.microsoft.com/exchange/downloads/2003/sp1.asp">Microsoft Exchange Server 2003 Service Pack 1</a>.</p><p><b>Installation Information</b></p><p>This security update supports the following setup switches:</p><p><b>/?</b> Show the list of installation switches.</p><p><b>/u</b> Use unattended mode (same as <b>/m</b>).</p><p><b>/m</b> Use unattended mode (same as <b>/u</b>).</p><p><b>/f</b> Force other programs to quit when the computer shuts down.</p><p><b>/n</b> Do not back up files for removal.</p><p><b>/o</b> Overwrite OEM files without prompting.</p><p><b>/z</b> Do not restart when the installation is complete.</p><p><b>/q</b> Use Quiet mode (no user interaction) and unattended mode (same as <b>/u</b> or <b>/m</b>).</p><p><b>/l</b> List installed hotfixes.</p><p><b>/x</b> Extract the files without running Setup.</p><p>See Microsoft Knowledge Base Article <a href="http://support.microsoft.com/?id=331646">331646 </a>for additional information about installer switches.</p><p><b>Deployment Information</b></p><p>To install the security update without any user intervention, use the following command at a command prompt:</p><p><b>Exchange2003-kb885882-x86-enu /q</b></p><p><b>Restart Requirement</b></p><p>You do not have to restart your computer after you apply this security update.</p><p>However, the installer will restart Internet Information Services (IIS) and all dependent services. Therefore, we recommend that you apply this security update at a time when there are no users using any Exchange services on the system. Also, the restart of IIS stops the routing engine and the SMTP component if the front-end Exchange server is tasked with this role. Therefore, no e-mail messages will be routed during this restart of the IIS service. This includes incoming and outgoing SMTP e-mail traffic. The File Transfer Protocol (FTP) and Network News Transfer Protocol (NNTP) services will also be affected.</p><p><b>Removal Information</b></p><p>To remove this security update, use the Add or Remove Programs tool in Control Panel.</p><p>System administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the %Windir%\$ExchUninstall885882$\Spuninst folder. The Spuninst.exe utility supports the following setup switches:</p><p><b>/?</b>: Show the list of installation switches.</p><p><b>/u</b>: Use unattended mode.</p><p><b>/f</b>: Force other programs to quit when the computer shuts down.</p><p><b>/z</b>: Do not restart when the installation is complete.</p><p><b>/q</b>: Use Quiet mode (no user interaction).</p><p><b>File Information</b></p><p>The English version of this update has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the <b>Time Zone</b> tab in the Date and Time tool in Control Panel.</p><p><b>Note</b> Date, time, file name, or size information could change during installation. See the Verifying Update Installation section for details about how to verify an installation.</p><p>Exchange Server 2003 Enterprise Edition and Exchange Server 2003 Standard Edition:</p><pre class="codeSample">
Date Time Version Size File name
-----------------------------------------------------
09-Sep-2004 09:35 6.5.6980.98 823,808 Reapi.dll
</pre><p><b>Verifying Update Installation</b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><b>File Version Verification</b></p><p><b>Note</b> Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.</p><table cellpadding="0" cellspacing="0" border="0" class="numberedList"><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>1.</p></td><td><p>Click <b>Start</b>, and then click <b>Search</b>.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>2.</p></td><td><p>In the <b>Search Results </b>pane, click <b>All files and folders</b> under <b>Search Companion</b>.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>3.</p></td><td><p>In the <b>All or part of the file name </b>box, type a file name from the appropriate file information table, and then click <b>Search</b>.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>4.</p></td><td><p>In the list of files, right-click a file name from the appropriate file information table, and then click <b>Properties</b>.</p><p><b>Note</b> Depending on the version of the operating system or programs installed, some of the files that are listed in the file information table may not be installed.</p></td></tr><tr valign="top"><td class="listNumber" nowrap="" align="right"><p>5.</p></td><td><p>On the <b>Version</b> tab, determine the version of the file that is installed on your computer by comparing it to the version that is documented in the appropriate file information table.</p><p><b>Note</b> Attributes other than file version may change during installation. Comparing other file attributes to the information in the file information table is not a supported method of verifying the update installation. Also, in certain cases, files may be renamed during installation. If the file or version information is not present, use one of the other available methods to verify update installation.</p></td></tr></table></td></tr></table><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><b>Registry Key Verification</b></p><p>You may also be able to verify the files that this security update has installed by reviewing the following registry key:</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Exchange Server 2003\SP1\885882</p><p><b>Note </b>This registry key may not contain a complete list of installed files. Also, this registry key may not be created correctly when an administrator or an OEM integrates or slipstreams the 885882 security update into the Windows installation source files.</p></td></tr></table></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EAARAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EAARAA">Top of section</a></div></div></div><div style="margin-top: 3px; margin-bottom: 10px"><a href="#EARAA"><img width="7" height="9" border="0" src="/library/gallery/templates/MNP2.SecurityBulletin/../MNP2.Common/images/arrow_px_up.gif" alt="Top of section"></a><a class="topOfPage" href="#EARAA">Top of section</a></div></div></div><p><b>Obtaining Other Security Updates:</b></p><p>Updates for other security issues are available from the following locations:</p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Security updates are available from the <a href="http://go.microsoft.com/fwlink/?LinkId=21129">Microsoft Download Center</a>. You can find them most easily by doing a keyword search for "security_patch."</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Updates for consumer platforms are available from the <a href="http://go.microsoft.com/fwlink/?LinkId=21130">Windows Update Web site</a>.</p></td></tr></table><p><b>Support: </b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Customers in the U.S. and Canada can receive technical support from <a href="http://go.microsoft.com/fwlink/?LinkId=21131">Microsoft Product Support Services</a> at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21155">International Support Web site</a>.</p></td></tr></table><p><b>Security Resources: </b></p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>The <a href="http://go.microsoft.com/fwlink/?LinkId=21132">Microsoft TechNet Security</a> Web site provides additional information about security in Microsoft products.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><a href="http://go.microsoft.com/fwlink/?LinkId=21133">Microsoft Software Update Services</a></p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><a href="http://go.microsoft.com/fwlink/?LinkId=21134">Microsoft Baseline Security Analyzer</a> (MBSA)</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><a href="http://go.microsoft.com/fwlink/?LinkId=21130">Windows Update</a> </p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>Windows Update Catalog: For more information about the Windows Update Catalog, see Microsoft Knowledge Base Article <a href="http://support.microsoft.com/?id=323166">323166</a>.</p></td></tr><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p><a href="http://go.microsoft.com/fwlink/?LinkId=21135">Office Update</a> </p></td></tr></table><p><b>Software Update Services:</b></p><p>By using Microsoft Software Update Services (SUS), administrators can quickly and reliably deploy the latest critical updates and security updates to Windows 2000 and Windows Server 2003-based servers, and to desktop Windows 2000 Professional or Windows XP Professional.</p><p>For more information about how to deploy this security update with Software Update Services, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21133">Software Update Services Web site</a>.</p><p><b>Systems Management Server:</b></p><p>Microsoft Systems Management Server (SMS) delivers a highly-configurable enterprise solution for managing updates. By using SMS, administrators can identify Windows-based systems that require security updates and to perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. For more information about how administrators can use SMS 2003 to deploy security updates, see the <a href="http://go.microsoft.com/fwlink/?LinkId=22939">SMS 2003 Security Patch Management Web site</a>. SMS 2.0 users can also use <a href="http://go.microsoft.com/fwlink/?LinkId=33340">Software Updates Service Feature Pack</a> to help deploy security updates. For information about SMS, visit the <a href="http://go.microsoft.com/fwlink/?LinkId=21158">SMS Web site</a>.</p><p><b>Note </b>SMS uses the Microsoft Baseline Security Analyzer and the Microsoft Office Detection Tool to provide broad support for security bulletin update detection and deployment. Some software updates may not be detected by these tools. Administrators can use the inventory capabilities of the SMS in these cases to target updates to specific systems. For more information about this procedure, visit the following <a href="http://go.microsoft.com/fwlink/?LinkId=33341">Web site</a>. Some security updates require administrative rights following a restart of the system. Administrators can use the Elevated Rights Deployment Tool (available in the <a href="http://go.microsoft.com/fwlink/?LinkId=33387">SMS 2003 Administration Feature Pack</a> and in the <a href="http://go.microsoft.com/fwlink/?LinkId=21161">SMS 2.0 Administration Feature Pack</a>) to install these updates.</p><p><b>Disclaimer: </b></p><p>The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.</p><p><b>Revisions:</b> </p><table cellspacing="0" cellpadding="0" border="0"><tr><td class="listBullet" valign="top">•</td><td class="listItem"><p>V1.0 (October 12, 2004): Bulletin published</p></td></tr></table><br clear="all" style="font-size: 0pt"><div style="margin-top: 16px; margin-bottom: 20px; width: 100%">