Core Security Technologies Advisory – Prior to MS10-024 the Windows SMTP Service generated DNS queries with trivially guessable values in the transaction ID field. The issue was addressed in MS10-024 by adding a call to the ‘CAsyncDns::GenerateRandWord’ method when building the DNS query. Prior to MS10-024 the Windows SMTP Service did not check that the value of the ID field of a DNS response received from the network actually matched the value of the ID field of a corresponding DNS query packet previously sent. The issue was addressed in MS10-024 by adding validation logic to the ‘CAsyncDns::ProcessReadIO’ method.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89207/CORE-2010-0427.txt
Source: https://packetstormsecurity.com/files/89207/Core-Security-Technologies-Advisory-2010.0427.html