MS.Windows.SMTP.Server.DNS.Response.ID.Validation.Spoofing
Description
This indicates an attack attempt against a DNS Spoofing vulnerability in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server.
The vulnerability is caused by an error when the software handles specially crafted DNS responses. It allows a remote attacker to redirect network traffic and perform man-in-the-middle attacks by spoofing DNS responses.
Affected Products
Microsoft Windows 2000 (SP4 and previous)
Microsoft Windows XP (SP3, SP2 and previous)
Microsoft Windows 2003 (SP2 and previous)
Microsoft Windows 2008 (SP2 and previous)
Microsoft Windows 2008 R2
Microsoft Exchange Server 2003 (SP3, SP2 and previous)
Microsoft Exchange Server 2007 (SP2, SP1 and previous)
Microsoft Exchange Server 2010
Impact
Information Spoofing.
Recommended Actions
Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |