Microsoft released four patches on Tuesday, each fixing a single vulnerability, with the only critical flaw affecting Windows 2000.

The critical vulnerability impacts the way that the Microsoft Agent software in Windows 2000 Service Pack 4 handles certain Uniform Resource Locators (URLs). A specially crafted URL could allow an attacker to remotely execute code on an unpatched system, the software giant said in an advisory published on Tuesday.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft stated in the advisory. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Another flaw fixed on Microsoft's monthly patch day included a vulnerability in the way that MSN Messenger and Windows Live Messenger handle a webcam or video chat request from an attacker. In June, Yahoo fixed flaws in the way that its own instant messaging client handled video cam requests.

Microsoft fixed two other issues, including a flaw in Windows Services for Unix and a vulnerability in the way that Crystal Reports for Windows Studio handles report files.

If you have tips or insights on this topic, please contact SecurityFocus.