That is why you should block the .dat attachment ...until you can patch the server.

I would patch both client and server!!!

MLF [/B]
I hate to think what that might break though. Isn't the .dat file an integral part of an RTF formatted message?

Not one to put off patching though - although you don't need to reboot servers, the patch DOES restart the information store.

Not quite sure on how the exploit would be triggered, but because Exchange happily accepts ALL messages and gives an asynchronous bounce I guess that you might not even need a valid email address on the target system. So (and just speculating here) you could have some sort of worm rip through Exchange servers globally *very* quickly.

Remember the Witty worm?