
May 29, 2002 3:30 PM PDT

Microsoft Exchange hole "critical"

Microsoft on Wednesday issued a security alert about a newly discovered flaw in its Exchange 2000 e-mail software that could allow hackers to cripple e-mail servers.

The vulnerability, which Microsoft classified as "critical," affects e-mail servers running Exchange 2000.

Malformed messages created using RFC 821 and 822, messaging protocols related to the SMTP format commonly used by e-mail programs, can cause the CPU of the server receiving the message to run at 100 percent as it attempts to read the message. The result would be a denial-of-service attack, with the affected server unable to do anything until it finishes processing the message.

Christopher Budd, security program manager at Microsoft's security response center, said the flaw was assigned a "critical" rating because once the attack starts, it can't be stopped, even if Exchange is restarted or the server rebooted.

"Once the process starts, you can't stop it," he said, adding that it could take a server anywhere from a few seconds to a few hours to process a message. "The key here is that once the system gets hold of that message, it's got to deal with it."

The bulletin noted that creating such messages would require specialized knowledge and software.

"You'd have to be fairly sophisticated," Budd said. "This is not something where somebody opens an e-mail client, puts a few bad characters in a message, and sends it. It would basically require someone to know the language of SMTP."

Microsoft urged system administrators to promptly patch any Exchange 2000 servers.

Discovery of the flaw was credited to researchers at the Johannes Gutenberg University in Mainz, Germany.

 
