Microsoft have provided a patch for Exchange 2000 Server in order to fix a security problem that allowed hackers to log in remotely and gain access to other resources on the same domain.
The problems has appeared in earlier version of this application that allowed the setup utility to create an account with an known user name and password. If the hacker was aware of this name, they could then log onto this account or if Exchange 2000 were installed on a server acting as a domina controller, the account would have domain user provileges allowing access to others systems on the affected domain.
Microsoft stated that this issue existed because of a security oversight during development and that particular account was included during beta testing. It was supposed to have been removed before shipping, however, due to a production error, it remained in some of the early shipments.
Those users affected will be running Microsoft Exchange 2000 Server CDs and Microsoft Exchange 2000 Enterprise Server CDs, without Rev. A stamped on the CD on the line below the part number.
Further information will be available on Microsoft's website.