The flaw, which Microsoft rates as important, is in the Windows Help and Support Center because of the way it handles HCP URL validation. If a user is logged on with administrative privileges, an attacker who exploits the flaw could take over a system, according to Microsoft.
The vendor issued a patch for the vulnerability, which affects Windows XP and the XP 64-bit edition plus Windows Server 2003 and the Server 2003 64-bit edition.
"This is a monumental decrease from last month's salvo of 20 vulnerabilities to just the one non-critical one disclosed this month," David Endler, Tipping Point director of digital vaccine, said in a prepared statement. "Network administrators still reeling from last month's round of announcements and subsequent exploit and worm releases are surely exhaling a large sigh of relief."
Microsoft's move to a monthly release schedule for security bulletins helps administrators manage system updates, but the window between vulnerability disclosure and exploit release is shrinking, he added.
_(36).jpg&h=140&w=231&c=1&s=0)
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
