An attacker, by sending a long string of data as the remote host name while conversing with the SMTP server, could consume all available CPU cycles.
This vulnerability was discovered by Delphis Consulting and no demonstration code or URL was provided.
Once more information becomes available it will be added.
According to Delphis Consulting, there has been no vendor response or solution provided to this problem. The vendor replied to Windows IT Security emails thanking us for reminding them and ensures us that a patch will be worked on in the near future.