Microsoft patches two critical flaws

17.01.2006

As part of its monthly security update, Microsoft Corp. last week released software patches for two critical vulnerabilities in its products.

The more serious of the two flaws is a remote code-execution vulnerability affecting Outlook and Exchange Server. The problem involves the way the software decodes message-formatting instructions stored in the Transport Neutral Encapsulation Format (TNEF), which is used when e-mail is transmitted in the Rich Text Format.

The flaw could allow an attacker to gain complete administrative control of compromised systems, according to Microsoft. The company said in a security bulletin that the vulnerability could be triggered when an end user opens or previews a malicious e-mail message or when Exchange Server processes such a message.

What makes the TNEF flaw particularly dangerous is the fact that it doesn't require any action by users in order to be exploited, said Michael Sutton, director of VeriSign Inc.'s iDefense Labs unit in Reston, Va.

"All that needs to take place is for an e-mail to get sent to a server," Sutton said.

But exploiting the flaw likely won't be easy, said Alain Sergile, technical product manager for the X-Force team at Internet Security Systems Inc. in Atlanta. "We think that from a software engineering perspective, it will be fairly complicated to exploit, but it is feasible," Sergile said.