The second Tuesday of each month, the Redmond, Wash.-based develop posts security bulletins (if it has any) and provides patches to fix the flaws. May's collection consisted of just one vulnerability in only one currently-supported version of Microsoft Windows, Windows 2000 SP3/SP4. Microsoft XP and Windows Server 2003 are unaffected.
The flaw, said Microsoft, is in the Web View feature within Windows Explorer, the file viewer built into the operating system. An attacker able to convince a user to open a specially-crafted file and preview it in Windows Explorer could execute code of his choice remotely to take control of the PC.
Microsoft rated the bug as "Important," the second-highest warning in its four-step ranking system. As is usual, the patch can be retrieved from the Microsoft Web site or using the Windows Update service.
The security bulletin, labeled MS05-024 also includes instruction on disabling Web View if it's impossible to deploy the patch immediately.
To turn off Web View, open My Computer, then under the Tools menu, choose "Folder Options." On the General tab, in the Web View section, select "Use Windows classic folders." Click OK, log off, then log back on.