An Exchange Server related security bulletin was released yesterday. Here are some details; please go and get the patches that apply to your Exchange version!
Issued: May 08, 2007
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Security Update Replacement: This bulletin replaces two prior security updates. See the Frequently Asked Questions (FAQ) section of the bulletin for details.
- Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 2003 Service Pack 2
- Microsoft Exchange Server 2007
Additionally, you can read about all patches released yesterday on the Microsoft Security Response Center (MSRC) blog.
EDIT: One additional note about those fixes for Exchange 2000 and 2003. Please be aware that those fixes include the "Send As" behavior change as discussed in this KB article. Functionality of your 3rd party applications might be affected. Please make sure to check the article 912918!