Microsoft released three patches – two of which it deems critical - on Tuesday in the May edition of its regular Patch Tuesday update cycle.

Most seriously there's a critical vulnerability in Microsoft Exchange which allows remote code execution (MS06-019). This security bug in Microsoft Exchange's calendar function could lead to a worm, security tools firm ISS warns.

The flaw might be exploited by hackers by sending a specially crafted email message with malformed vCal or iCal properties to a vulnerable server. Administrators running either Exchange 2000 or Exchange 2003 servers need to apply patches.

Microsoft also warns of a vulnerability in Adobe's Macromedia Flash Player that creates a means to run hostile code on Windows PCs. Adobe issued a patch for the vulnerability back in March, but Microsoft techies now reckon it merits its own patch (MS06-020).

Last up, Redmond warns of a moderate risk flaw in Microsoft Distributed Transaction Coordinator that can stop systems responding, thereby representing a denial of service risk. Microsoft's summary of these three updates can be found here. ®

Related stories

• Bot spreads using latest Windows flaw (17 August 2006)
• Worm feasts on latest Windows vuln (14 August 2006)
• Unwanted exposure for new Excel flaw (19 June 2006)
• MS patch glitch cripples HP computers (18 April 2006)
• MS releases long-awaited IE fix (12 April 2006)
• MS issues Office überpatch (15 March 2006)
• Adobe patches Acrobat, Reader flaws (17 December 2004)