Have you patched your Exchange server
This months security patches include a patch for Exchange 2000 (post SP3) and Exchange 2003 (SP1 and SP2). We have discovered a vulnerability where Microsoft Exchange could allow remote code execution.
There is some more information here but the best course of action is to go to Microsoft Update and download the patch
