Microsoft has release an advisory that details the scope of the vulnerabilities, which points out the severity of the more serious 'buffer overflow' glitch.
"[The vulnerability] could provide the attacker with the ability to take any desired action on the machine, such as adding, deleting, or modifying data on the system, and creating or deleting user accounts," it says.
Despite the seriousness of the vulnerabilities, Microsoft has not recommended the immediate application of a software patch that eradicates the security flaws, and has rated the issue as important, but not critical.
"Systems administrators using Microsoft BizTalk should consider applying the patch," the advisory says.
The less serious glitch is a 'SQL injection' vulnerability that may allow an attacker to execute malicious SQL statements.
That problem has been rated as moderate. SQL injection vulnerabilities can lead to database statements being executed that may lead to loss and modification of data.
The problems were found by security researcher Cesar Cerrudo, who reported the problems to Microsoft and worked with them to produce a fix.
