The flaw, which Microsoft rates as important, is in the Windows Help and Support Center because of the way it handles HCP URL validation. If a user is logged on with administrative privileges, an attacker who exploits the flaw could take over a system, according to Microsoft.
The vendor issued a patch for the vulnerability, which affects Windows XP and the XP 64-bit edition plus Windows Server 2003 and the Server 2003 64-bit edition.
"This is a monumental decrease from last month's salvo of 20 vulnerabilities to just the one non-critical one disclosed this month," David Endler, Tipping Point director of digital vaccine, said in a prepared statement. "Network administrators still reeling from last month's round of announcements and subsequent exploit and worm releases are surely exhaling a large sigh of relief."
Microsoft's move to a monthly release schedule for security bulletins helps administrators manage system updates, but the window between vulnerability disclosure and exploit release is shrinking, he added.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
