Microsoft has recently released information about a critical vulnerability found in their Exchange Server product. The vulnerability, if exploited, could allow a remote attacker to execute arbitrary code and gain complete control of the Exchange mail server.
The following Microsoft Exchange Server products are affected:
-
Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
-
Microsoft Exchange Server 2003 Service Pack 1
-
Microsoft Exchange Server 2003 Service Pack 2
Security patches to address affected products can be obtained at:
http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx