Mini Patch Day For Microsoft
Monthly advisory reporting expanded as well.
As part of its monthly patch cycle, Microsoft also expanded its monthly advisory reporting going beyond security bulletins with additional items that impact users' security.
All told, May's security tally includes one security bulletin for its Windows Media Player and two advisories. Microsoft Security Bulletin MS05-024 is titled, ''Vulnerability in Web View Could Allow Remote Code Execution.'' The bug affects Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4. Window XP users are not affected by the vulnerability. The bulletin has a CVE reference of CAN-2005-1191 and is publicly known as the ''Web View Script Injection Vulnerability'' and is a remotely exploitable weakness.
''A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields,'' Microsoft's Bulletin states. ''By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user.''
Microsoft Security Advisory 892313, for example, details how a default setting in Windows Media Player DRM could allow a user to potentially open a Web page without requesting permission. The advisory does not provide any new information or a new update, which was already made in March 2005.