MS.Windows.SMTP.Server.DNS.Response.ID.Validation.Spoofing

description-logoDescription

This indicates an attack attempt against a DNS Spoofing vulnerability in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server.
The vulnerability is caused by an error when the software handles specially crafted DNS responses. It allows a remote attacker to redirect network traffic and perform man-in-the-middle attacks by spoofing DNS responses.

affected-products-logoAffected Products

Microsoft Windows 2000 (SP4 and previous)
Microsoft Windows XP (SP3, SP2 and previous)
Microsoft Windows 2003 (SP2 and previous)
Microsoft Windows 2008 (SP2 and previous)
Microsoft Windows 2008 R2
Microsoft Exchange Server 2003 (SP3, SP2 and previous)
Microsoft Exchange Server 2007 (SP2, SP1 and previous)
Microsoft Exchange Server 2010

Impact logoImpact

Information Spoofing.

recomended-action-logoRecommended Actions

Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)