Fix for Exchange 2000 causes mail snags

Security-conscious mail-system administrators got a surprise when they installed the latest patch from Microsoft: a broken email gateway.

Posted on Thursday last week, the patch was intended to repair a vulnerability in Microsoft's Exchange 2000 mail server, but instead, caused serious mail problems, according to several users.

"We have had severe email problems since applying the fix," wrote Trey Carr, IS manager at ZonaFinanciera.com. "I guess MS is getting in too big of a hurry to test their hotfixes before they post them.... Our ability to send and receive mail was completely stopped by this 'fix'. I am using (a Web-based email service) to send (this message) because our server is completely hung." On Friday, Microsoft pulled the patch, replacing it with a simple statement.

"Due to a problem that was discovered in this hotfix, the binaries have been removed," read the explanation on the software giant's download site. "An updated version of this fix will be released by Monday, 11 June at the latest."

Microsoft announced on Thursday that a security hole existed in the Outlook Web Access module included in Exchange 2000. The module allows people to read mail remotely using a Web browser, but the hole meant online vandals could manipulate the program and delete, modify or add data to a person's mailbox.

As of Friday, Microsoft was unable to confirm whether the problem with the patch actually existed.

"We received some technical report of potential issues with the bulletin," said a Microsoft representative. "So we have pulled down the patch while (we) check."