Intrusion Prevention

MS.Windows.SMTP.Server.DNS.Response.Field.Validation.Spoofing

Description

This indicates an attack attempt against a DNS-spoofing vulnerability in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server.
The vulnerability is caused by an error when the vulnerable software handles specially crafted DNS responses. It allows a remote attacker to redirect network traffic and perform man-in-the-middle attacks by spoofing DNS responses.

Affected Products

Microsoft Windows 2000 (SP4 and previous)
Microsoft Windows XP (SP3, SP2 and previous)
Microsoft Windows 2003 (SP2 and previous)
Microsoft Windows 2008 (SP2 and previous)
Microsoft Windows 2008 R2
Microsoft Exchange Server 2003 (SP3, SP2 and previous)
Microsoft Exchange Server 2007 (SP2, SP1 and previous)
Microsoft Exchange Server 2010

Impact

Information Spoofing

Recommended Actions

Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

CVE References

CVE-2010-1690