|
Windows Exchange Server远程缓冲区溢出漏洞(2) *>
建议:
--------------------------------------------------------------------------------
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 使用SMTP协议检测过滤SMTP协议扩展:
默认ISA for Exchange规则可过滤SMTP协议扩展,详细可参看:
http://support.microsoft.com/default.aspx?scid=kb;en-us;311237.
* 使用防火墙限制SMTP的使用。
* 只接收验证过的SMTP会话,通过使用SMTP AUTH命令限制只接收验证过的会话。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS03-046)以及相应补丁:
MS03-046:Vulnerability in Exchange Server could allow Arbitrary Code Execution (829436)
链接 http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
补丁下载:
Microsoft Exchange Server 5.5, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=A9E872EA-54B0-4179-8AE9-5648BFB46459&displaylang=en
Microsoft Exchange 2000 Server, Service Pack 3
http://www.microsoft.com/downloads/details.aspx?FamilyId=7BAF5394-1B4E-4937-A570-9F232AE49F01&displaylang=en
|
