Microsoft yesterday issued an "important" Windows security fix as part of its monthly patch cycle, designed to stop an attacker taking over a user’s PC.
As well as tackling a script injection vulnerability, Microsoft also published two alerts as part of its new Microsoft Security Advisories programme, designed to provide temporary workarounds until patches, if required, can be issued by the company.
The monthly security patch addresses a vulnerability in Windows 2000 Service Pack 3 and 4. Newer Windows operating systems are not affected.
Older versions of Windows, including Windows 98 and Windows 98 Second Edition are also affected, but the patch does not protect these operating systems as Microsoft no longer offers support for non-critical security flaws in these programs.
Microsoft said the patch tackles a remote code execution vulnerability in the way that Web View in Windows Explorer handles certain HTML characters in preview fields.
Unpatched machines could allow an attacker to install programs and view and change data with full user rights, said Microsoft.
The company also issued two advisories on potential problems that may or not require patches.
These included an issue with Windows Media Player digital rights management, and one concerning a simple mail transfer protocol (SMTP) issue in Windows Server 2003 Service Pack 1.