On July 9, 2003, Microsoft released details regarding a patch for a vulnerability that results from a buffer overrun situation. While there's not a high chance of encountering this problem on a server, it could result in the execution of arbitrary code with the credentials of the currently logged in user.
As with most vulnerabilities that allow the execution of arbitrary code, Microsoft has rated this problem Critical, and it urges administrators to apply the appropriate patch. This affects all versions of Windows, including Windows Server 2003, although the newest OS has other protections, so it's rated only as a moderate risk.
The vulnerability lies in the HTML converter, in the way Windows handles cut-and-paste operations. Visit Microsoft's Web site to install the patches that correct the buffer overrun for Windows NT 4.0 Server and Windows NT 4.0 Terminal Services Edition.