I found Hotfix 314380 that should address this vulnerability but have not applied it directly.
The media server has been updated to SP3 and the client has been pushed down to the server with the vulnerability.
The client has been uninstalled and re-installed but the vulnerability is still reported.
A re-boot was not requested during the installs, and this is a high use production server that we can't re-boot unless absolutly necessary.
Any thoughts?