The flaw, which Microsoft rates as important, lies in the way the Windows Help and Support Center validates HCP URLs. If a user is logged on with administrative privileges, an attacker who exploits the flaw could take over the system, according to Microsoft.
The vendor issued a patch for the vulnerability, which affects Windows XP and the XP 64-bit edition plus Windows Server 2003 and the Server 2003 64-bit edition.
"This is a monumental decrease from last month's salvo of 20 vulnerabilities to just the one non-critical one disclosed this month," David Endler, Tipping Point director of digital vaccine, said in a prepared statement. "Network administrators still reeling from last month's round of announcements and subsequent exploit and worm releases are surely exhaling a large sigh of relief."
Microsoft's move to a monthly release schedule for security bulletins helps administrators manage system updates, but the window between vulnerability disclosure and exploit release is shrinking, he added.