Microsoft Security Advisory MS01-037 - The Windows 2000 SMTP service, which is installed by default, allows unauthorized users to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service and perform mail relaying via the server. Microsoft FAQ on this issue available here.
7d3ed4b66cfeab0d4a76065bf994f2e1498f2676ac11b99f097bc2f915034245