MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service could allow denial of service

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

INTRODUCTION
Microsoft has released security bulletin MS10-024. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center

Local support according to your country: International Support

More information
When you apply this update, the SMTP service may automatically start even if its Startup type is set to Manual. This occurs if the update starts or restarts IIS Admin service. Therefore, if you do not want SMTP service to start automatically, you should set its Startup type to Disabled before you apply the update.

Note You should set the service back to Manual after the Service Pack installation has completed successfully.

Known issues and additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:
976323 MS10-024: Description of the security update for Windows SMTP Service: April 13, 2010
976702 MS10-024: Description of the security update for Exchange Server 2003 Service Pack 2: April 13, 2010
976703 MS10-024: Description of the security update for Exchange 2000 Server: April 13, 2010
981401 Description of Update Rollup 3 for Microsoft Exchange Server 2010 Release to Manufacturing
981383 Description of Update Rollup 4 for Microsoft Exchange Server 2007 Service Pack 2
981407 Description of Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 1
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Properties

Article ID: 981832 - Last Review: 03/18/2013 23:22:00 - Revision: 4.2

Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows XP Service Pack 2, Microsoft Windows XP Service Pack 3, Microsoft Exchange Server 2010 Standard, Microsoft Exchange Server 2010 Enterprise, Microsoft Exchange Server 2007 Service Pack 2, Microsoft Exchange Server 2007 Service Pack 1, Microsoft Exchange Server 2003 Service Pack 2

  • atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB981832
Feedback