According to Microsoft’s security bulletin, the Windows 2000 fix targets a flaw within Microsoft Agent, which would allow an attacker to remotely execute code on the affected system if a certain URL page has been visited. The flaw especially affects users with administrator rights, while those whose accounts are configured to have fewer user rights could be less impacted.

The other three updates target Crystal Reports for Visual Studio, Windows Services for UNIX and MSN/ Windows Live Messenger and are rated “important”.

The vulnerability in Crystal Reports for Visual Studio is also related to remote code execution and it’s likely to kick in if a user opens a specially crafted RPT file. The above-stated “less rights, less trouble” policy still applies.

The next update aims to fix a flaw in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications, which allows an attacker to gain elevation of privilege if the user runs certain setuid binary files.

The last vulnerability on September’s fix list targets MSN Messenger and Windows Live Messenger. The flaw allows remote code execution and could allow the attacker to take complete control of the affected system. All the user has to do is to accept a video chat invitation from an attacker.