Microsoft: Just One Windows Patch For May

Microsoft patched a solitary vulnerability in Windows, a dramatic decrease from April's massive roll-out of 18 fixes.
Microsoft patched a solitary vulnerability in Windows Tuesday, a dramatic decrease from April's massive roll-out of 18 fixes.

The second Tuesday of each month, the Redmond, Wash.-based develop posts security bulletins (if it has any) and provides patches to fix the flaws. May's collection consisted of just one vulnerability in only one currently-supported version of Microsoft Windows, Windows 2000 SP3/SP4. Microsoft XP and Windows Server 2003 are unaffected.

The flaw, said Microsoft, is in the Web View feature within Windows Explorer, the file viewer built into the operating system. An attacker able to convince a user to open a specially-crafted file and preview it in Windows Explorer could execute code of his choice remotely to take control of the PC.

Microsoft rated the bug as "Important," the second-highest warning in its four-step ranking system. As is usual, the patch can be retrieved from the Microsoft Web site or using the Windows Update service.

The security bulletin, labeled MS05-024 also includes instruction on disabling Web View if it's impossible to deploy the patch immediately.

To turn off Web View, open My Computer, then under the Tools menu, choose "Folder Options." On the General tab, in the Web View section, select "Use Windows classic folders." Click OK, log off, then log back on.

Editor's Choice
James M. Connolly, Contributing Editor and Writer
Carrie Pallardy, Contributing Reporter
Roger Burkhardt, Capital Markets Chief Technology Officer, Broadridge Financial Solutions
Shane Snider, Senior Writer, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author