AirScanner has released details of a security vulnerability involving ActiveSync 3.7.1 and 3.8. Essentially, a hacker could capture a Pocket PC password by sending a packet to a machine using LAN sync through ActiveSync. The threat is rated low for denial of service attacks and medium for password collection attack. Essentially, if you reuse your passwords, the hacker now has possible access to other sites or information. Airscanner recommends blocking access to port 5679 by using a firewall. Microsoft has been notified of this issue.
Source: Pocket PC Thoughts