Microsoft this week has announced a newly-discovered vulnerability in its Windows Explorer for Windows 2000. When the vulnerability is triggered, someone wishing to exploit the vulnerability would be able to remotely execute code on the user’s system, the advisory explained.

“A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute code. However, user interaction is required to exploit this vulnerability,” said the announcement.

Users with Microsoft Windows 2000 SP3 and SP4 are broadly affected. Users with Microsoft Windows Millennium Edition have the affected component as well, however, Microsoft does not consider the risk to Windows ME systems to be critical, and Microsoft’s policy for support for Windows ME (along with Windows 98) is that “Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period.”

The Microsoft Web site suggests the following workaround to the vulnerability…

[Continue reading Microsoft Announces Web View Security Hole In Windows 2000]