Microsoft on Tuesday released three security bulletins to secure flaws discovered in ISA Server 2000, Exchange Server 2003, and Windows. The most severe flaw, rated as critical by Microsoft, is in ISA Server 2000.

The Microsoft Internet Security and Acceleration Server 2000 flaw, detailed in bulletin MS04-001, is located in the application's H.323 filter; if left unpatched, it could place the app at risk for a buffer-overflow attack against its firewall. If successful, the attacker could gain complete control over the system, Microsoft warns in its bulletin. The H.323 filter is turned on by default on servers running ISA Server 2000 in firewall or integrated mode.

The second flaw, detailed in bulletin MS04-002, is rated moderate by Microsoft. The flaw appears difficult to exploit, but would let attackers access certain E-mail boxes of customers using Exchange 2003 front-end server and Outlook Web Access. Microsoft says the flaw causes "random and unreliable" access to mailboxes that have been recently accessed via Outlook Web Access.

The third vulnerability affects Microsoft Data Access Components, a collection of components that provide database connectivity on systems running the Windows operating system. As detailed in bulletin MS04-00, the flaw has been found in MDAC versions 2.5, 2.6, 2.7, and 2.8, which are included with Windows 2000, SQL Server 2000, Windows XP, and Windows Server 2003, respectively. This flaw could allow the comprise of these systems and let an attacker run malicious code on an at-risk system.

Microsoft urges its customers to update their systems quickly.