The affected Exchange versions are 2000, 2003 and 2007. Microsoft rates the probability of a hack as a two on its Exploitability Index, which means attack code would not work every time.

Experts say hackers able to exploit an Exchange Server could end up with a valuable piece of real estate from which to do damage.

"You would be sitting in a privileged spot on the network where you could do network reconnaissance and look for file shares and resources like that," says Wolfgang Kandek, CTO of Qualys.

The critical patch for IE 7 -- MS09-002 -- addresses vulnerabilities in the latest Microsoft browser running on Windows XP and Vista. The vulnerability, which could allow hackers to take over a user's desktop and install software, is rated moderate for IE 7 running on Windows Server 2003 and 2008.

Microsoft also issued two other patches, including one for SQL Server that some experts say should have been rated "critical" rather than "important."