Microsoft on Tuesday detailed a new vulnerability in Windows XP and Windows Server 2003 that could enable an attacker to remotely execute malicious code.
The software maker described the problem as "important," its second-highest rating for such problems. Antivirus software maker Symantec, meanwhile, characterized the vulnerability as "high risk," citing the impact that there could be if the vulnerability was successfully exploited.
The flaw exists in the way Windows' Help and Support Center validates information that is sent to it. The software maker released a patch for the vulnerability and urged customers to "install the update at the earliest opportunity." The patch is posted to the company's security Web site, as is a bulletin outlining the flaw.
The bulletin was released as part of Microsoft's regularly scheduled monthly security update, according to Stephen Toulouse, a security program manager in the Microsoft Security Response Center. As for the rating level, Toulouse said Microsoft typically only deems vulnerabilities "critical"--the highest level--if they can be exploited without the user taking any action.
News source: C|Net News.com