You want to ensure that your Exchange servers have the most up-to-date set of security patches.
Download the current version of Microsoft Baseline Security Analyzer (MBSA) tool from http://www.microsoft.com/mbsa. Follow the included instructions to install it on a Windows 2000, Windows XP, or Windows Server 2003 machine that belongs to a domain in the same forest as the servers you want to scan.
Open MBSA (c:\program files\Microsoft Baseline Security Analyzer\mbsa.exe).
From the initial MBSA page, choose whether you want to scan a single computer or more than one by clicking the appropriate link:
If you want to scan a single computer, you can specify it by computer name or IP address.
If you need to scan multiple computers, you can choose to scan by domain (in which case, MBSA will scan all computers it can see in that domain) or by IP address range.
You can optionally specify a format for the names of the reports produced in either mode; by default, the report name will include the domain name, computer name, and date and time of the scan. To speed up the scans as much as possible, you should uncheck the Check for weak passwords and Check for SQL vulnerabilities boxes (provided, of course, that you're only scanning your Exchange servers!).
Click Start scan. MBSA will attempt to fetch the latest version of the security updates list from Microsoft's web site, then it will begin scanning ...