Microsoft releases patch to fix remote code-execution hole
News Story by Todd R. Weiss

MAY 10, 2005 (COMPUTERWORLD) - Microsoft Corp. today released its monthly security update with a patch to repair a newly discovered "important" vulnerability in Windows that can allow remote code execution in Windows Explorer.

Both Windows 2000 Service Pack 3 and Windows 2000 Service Pack 4 are affected by the security bulletin. The vulnerability is not found in Windows XP or 64-bit XP, or in Windows Server 2003 and Server 2003 64-bit operating systems, according to the company.

The vulnerability is in Windows 98/98SE and Windows Millennium Edition, but the company no longer provides security updates for those older operating systems unless they are rated "critical."

Microsoft Security Bulletin MS05-024 said the patch fixes a remote code-execution vulnerability found in Windows Explorer's file management utility. The vulnerability involves the way that Web View in Windows Explorer handles certain HTML characters in preview fields, according to the company.