While this isn't a security blog, last week's ASN.1 vulnerability (MS04-007) requires your attention.
Without panic, all Windows NT/2000/XP/2003 systems need this patch. Because of the nature of the vulnerability, systems that accept authenticated connections are especially susceptible. This includes your Exchange Server.
As quoted in this ZDNet article, “TruSecure said business should give highest priority for patching to domain controllers, Exchange servers, Internet Information Servers (IIS) which use certificates and VPN and firewall appliances that accept authenticated connections.”
If you haven't patched already, then why not? [MS Exchange Blog]