Both of the security holes could be used by hackers to execute code remotely on a user's PC and take full control.
"An attacker could then install programs, view, change or delete data, or create new accounts with full user rights," said the Microsoft statement accompanying the update.
"The vulnerability in Exchange Server poses a serious concern as it does not require any user interaction to be exploited, making the vulnerability a worm candidate."
Ijzerman also said it was "interesting" that Microsoft had issued a patch for vulnerabilities that were previously patched by Adobe.
"This is the first time in recent memory that Microsoft has published a patch for third-party software," he explained.
"In this case, it is probably because the Macromedia patch was not widely deployed and Microsoft's updates will help ensure that its customers are protected."
Tuesday's update also fixes a denial of service vulnerability in Microsoft Distributed Transaction Coordinator (MSDTC).
The problem could be exploited to send a specially crafted network message to an affected system that would stop it responding. Microsoft rated the MSDTC update as 'moderate'.
Apple, Samsung, Google and others rush to go ever-higher upmarket is putting off potential customers
Laser tech can charge mobile phones from across a room
AMD's Zen chip roll-out continues with the focus on high-power embedded applications
And becomes the team's executive chairman to boot