Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.