“…Microsoft also released two other vulnerabilities: A ‘moderate’ flaw in Exchange Server 2003 that could allow privilege escalation; and an ‘important’ flaw that could allow attackers to run arbitrary code in Microsoft Data Access Components. MDAC ships with a variety of Microsoft products including Windows Server 2003, Windows 2000 and XP and SQL Server. Microsoft Data Access Components (MDAC) enable database operations on Windows systems….The Microsoft Data Access Components flaw is also pretty serious, Larholm said. It would probably be ‘critical’ if local network access wasn’t needed to exploit it. ‘DSL or cable users may be vulnerable if they don’t have a router or firewall,’ he said.”