Microsoft on Tuesday posted one security bulletin for May, a stark contrast to the rash of vulnerabilities it warned of in April.
The flaw, which Microsoft rates as important, lies in the way the Windows Help and Support Center validates HCP URLs. If a user is logged on with administrative privileges, an attacker who exploits the flaw could take over a system, according to Microsoft.
The vendor issued a patch for the vulnerability, which affects Windows XP and the XP 64-bit edition plus Windows Server 2003 and the Server 2003 64-bit edition.
“This is a monumental decrease from last month’s salvo of 20 vulnerabilities to just the one non-critical one disclosed this month,” David Endler, Tipping Point director of digital vaccine, said in a prepared statement. “Network administrators still reeling from last month’s round of announcements and subsequent exploit and worm releases are surely exhaling a large sigh of relief.”
Microsoft’s move to a monthly release schedule for security bulletins helps administrators manage system updates, but the window between vulnerability disclosure and exploit release is shrinking, he added.