Microsoft has recently released information about a critical vulnerability found in their Exchange Server product. The vulnerability, if exploited, could allow a remote attacker to execute arbitrary code and gain complete control of the Exchange mail server.

The following Microsoft Exchange Server products are affected:

  • Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
  • Microsoft Exchange Server 2003 Service Pack 1
  • Microsoft Exchange Server 2003 Service Pack 2

Security patches to address affected products can be obtained at:
http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx