Microsoft has issued two critical security patches to protect its Exchange e-mail platform and its Windows operating system.
The patches are part of Microsoft's monthly scheduled security update cycle.
Critical flaws in Microsoft Exchange Calendar and Adobe's Macromedia Flash Player running on Windows could allow remote attackers to run arbitrary code on users’ systems, said Microsoft.
The company has also issued a patch to address a “moderate” threat for a flaw in Windows. This third patch blocks a weakness that could allow a malicious attacker to launch a denial-of-service attack by sending a network message through the system to exploit the flaw.
On the Exchange flaw, Microsoft said, “An attacker could exploit the vulnerability by constructing a specially crafted message that could potentially allow remote code execution when an Exchange Server processes an e-mail with certain properties.”
Security software company Symantec warned users that the Exchange flaw was the most serious of the three vulnerabilities patched.
The Macromedia Flash Player flaw affects versions 5 and 6, and could be used to take over users’ systems if they visit certain malicious websites.