Microsoft yesterday published Microsoft Security Bulletin MS10-024. This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service.
KB976323 provides detailed information on the security update for Windows SMTP Service, for Exchange Server specific information, see the following links:
- For Exchange 2000 Server see KB976703 or download here
- For Exchange Server 2003 SP2 see KB976702 or download here
- For Exchange Server 2007 SP1 see KB981407 - Update Rollup 10 or download here
- For Exchange Server 2007 SP2 see KB981383 - Update Rollup 4 or download here
- For Exchange Server 2010 see KB981401 - Update Rollup 3 or download here