Flaw Turns IIS Into Spam Tool
Intending to streamline server functions and ease the task of system administration, Microsoft enabled by default the installation of an SMTP sever on all versions of its Internet Information Server, or IIS Web sever package. SMTP, or Simple Mail Transfer Protocol, controls all e-mail sent to and from a server. Microsoft has issued a security bulletin addressing a vulnerability in this SMTP sever which allows an attacker to perform unauthorized relaying, which is responsible for much of the spam that unfortunate Web users receive everyday. The software giant has released a patch that fixes the flaw, and recommends that users disable or even remove SMTP if they do not use it.
The patch applies for both Windows 2000 Professional and Server products, but does not affect Exchange Server 5.5 or 2000 - which uses a distinct code impervious to this specific flaw. For more information and to download the update, visit Microsoft TechNet Security.