Microsoft did its monthly duty Tuesday, and alerted users of the 32- and 64-bit versions of Microsoft Windows XP and Windows Server 2003 that a vulnerability within the help system could allow remote attackers to take control of a computer, letting them delete files, drop in malicious code, or hijack the machine.
Unlike last month's tsunami of vulnerabilities, May's release -- on what some security experts dub "Black Tuesday" since Microsoft schedules its patches for the second Tuesday of each month -- today's is a single bulletin, a single vulnerability, and a single patch.
It was also rated by Microsoft as "Important," the second-highest level in the Redmond, Wash.-based developer's four-step labeling system. The four security bulletins released in April -- one that included a vulnerability that led to the Sasser worm -- had numerous "Critical" issues, the highest ranking Microsoft assigns.
"This isn't as dire as last month's [vulnerabilities,]" said Vincent Gullotto, vice president of Network Associates' AVERT team. "But users should still patch, say, within the quarter. Of course, if an exploit does appear, they will need to move much faster."
Gullotto doesn't expect an exploit anytime soon. "Frankly, there are more tempting targets in the vulnerabilities released last month that haven't been exploited yet," he said.