Microsoft patches critical remote-code-exec hole in Exchange Server and others