Windows 2000 Patch the Lone Fix for May

According to the plan, Microsoft released only one security bulletin for the patch can be Tuesday in its monthly events. BO patch of a "critical" flaw in Windows 2000, allows hackers easy to control a computer through the Internet transactions.

Microsoft appeal loopholes "in view of the Internet into the script loopholes," including software patches, which in the new Security Bulletin MS05 - 024.

The vulnerability was publicly disclosed before Microsoft released a notice, and proof-of-concept code has also been published. According to Microsoft, the company has not received any reports of its customers being attacked through the security holes.

Remote code execution vulnerability stems from the way Windows Explorer browsing Web pages dealing with certain HTML characters in preview fields. "By persuading users preview a malicious file, the attacker could execute arbitrary code in the login users," said Microsofts security response center.

Microsoft cited the amount of user interaction required for the attack to succeed, and the classification rated the flaw as "important" rather than "critical." Unlike many loopholes, and is open to the public being exploited through a URL, this flaw can not be used automatically by e-mail, according to Microsoft.

The bug affects Windows 2000 systems with Service Pack 3 or Service Pack 4. SP2 systems for the tests, because Microsoft has formally ended, in support of this and previous Service Pack. The flaw does not appear to affect Windows 98 or Windows 98 itself. Windows Me contains the affected component, but Microsoft did not patch the Windows 9.x platform, unless the vulnerability is critical.

Released only one notice is consistent with Microsofts statement last week that only one security bulletin will be forthcoming in May. The attendant heavy month of April, Microsoft released eight security bulletins.

The bulletin was http://www.microsoft.com/technet/security/bulletin/ms05-024.mspx.