Microsoft patches two critical vulnerabilities

10.01.2006
As part of its monthly security updates, Microsoft Corp. Tuesday released patches for two critical vulnerabilities in its products.

The more serious of the two flaws is a remote code execution vulnerability affecting Microsoft Outlook and Microsoft Exchange Server products.

The privately reported vulnerability involves the manner in which Exchange and Outlook decode a format called Transport Neutral Encapsulation Format (TNEF), which is used when sending e-mail messages in Rich Text Format.

An attacker who took advantage of the flaw would potentially be able to gain complete administrative control of a compromised system, according to Microsoft.

What makes the TNEF flaw particularly dangerous is that it exists in Exchange and Outlook, both of which are widely used in corporate settings, said Alain Sergile, technical product manager for Atlanta-based Internet Security Systems Inc.'s X-Force team.

Adding to the threat, the vulnerability does not need user participation in order to be exploited, said Michael Sutton, director of iDefense Labs in Reston, Va.