Microsoft has released one critical security update for the Exchange messaging server, and two security updates for Windows. One of the fixes, which is rated as critical, could allow unauthorized software to be installed without user action.

The Exchange flaw could allow a remote user to send e-mail with malicious content in it that would take control of Exchange or even the entire server.

With the Windows flaws, one was in the version of Adobe Flash Player that comes with the operating system. A problem there could lead to malicious Flash-based Web sites or animated files that could take control of a machine. Other addressed flaws concerned the Microsoft Distributed Transaction Coordinator (MDTC).