MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service could allow denial of service

<html><body><p>Resolves vulnerabilities in the Microsoft Exchange and Windows SMTP Service that could allow denial of service if an attacker sent a specially crafted DNS response to a computer that is running the SMTP service.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS10-024. To view the complete security bulletin, visit one of the following Microsoft Web sites:<br /><ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/updates/bulletins/201004.aspx” target=“_self”>http://www.microsoft.com/security/updates/bulletins/201004.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update Web site now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2>More Information</h2><div>When you apply this update, the SMTP service may automatically start even if its Startup type is set to Manual. This occurs if the update starts or restarts IIS Admin service. Therefore, if you do not want SMTP service to start automatically, you should set its Startup type to Disabled before you apply the update. <br /><br /><span>Note</span> You should set the service back to Manual after the Service Pack installation has completed successfully.<br /><br /><br /><br /><h3>Known issues and additional information about this security update</h3><span>For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:<br /><br /><div><a href=“https://support.microsoft.com/en-us/help/976323”>976323 </a> MS10-024: Description of the security update for Windows SMTP Service: April 13, 2010<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/976702”>976702 </a> MS10-024: Description of the security update for Exchange Server 2003 Service Pack 2: April 13, 2010<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/976703”>976703 </a> MS10-024: Description of the security update for Exchange 2000 Server: April 13, 2010<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/981401”>981401 </a> Description of Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/981383”>981383 </a> Description of Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2<br /><br /></div></span><span><div><a href=“https://support.microsoft.com/en-us/help/981407”>981407 </a> Description of Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1<br /><br /></div></span></div></body></html>