Exchange User Account Vulnerability

A security vulnerability exists in Microsoft® Exchange 2000 Server and Exchange 2000 Enterprise Server which could potentially allow an unauthorized user to remotely login to an Exchange 2000 server and possibly other servers on the affected computer’s network.

Issue

In early shipments of Exchange 2000, setup creates an account with a known username and password. If a malicious user learned the username and password, he or she could log onto the account. Under normal circumstances, this account only has local user rights – it is not a privileged account and cannot access Exchange 2000 data. However, if Exchange 2000 were installed on a Domain Controller, the account would also have Domain user privileges, and could thus gain access to other resources in the affected Domain.

Affected Products

• Microsoft Exchange 2000 (prior to Rev. A)

Download

Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25866

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: November 16, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<