SEATTLE – Microsoft on Tuesday issued an “important” Windows security fix as part of its monthly patch cycle, tackling a script injection vulnerability that could allow an attacker to take over a PC.

The software giant also published two early alerts as part of its new pilot program, Microsoft Security Advisories, which confirms reports of flaws and provides workarounds until it can send out a patch, CNET.com reported.

The monthly security bulletin addresses a vulnerability found in Windows 2000 Service Pack 3 and 4, which the company ranks as “important,” its second-highest severity rating. The flaw also appears in the older Windows 98, Windows 98 Second Edition and Windows Millennium Edition.

Security company Symantec has rated the risk from the flaw as “medium,” noting that some user interaction is required for it to be used for an attack. For example, the PC user would have to download a corrupt document or save the document from an e-mail attachment, then browse to the document using Windows Explorer.

More recent versions of the operating system are not affected by the flaw. Microsoft said it has tested Windows XP Service Pack 1 and 2, Windows XP 64-Bit Edition Service Pack 1 and Version 2003 for Itanium, XP Professional x64 Edition, Windows Server 2003 and its Service Pack 1, Windows Server 2003 for Itanium-based systems and its related Service Pack 1 for the vulnerability.

Microsoft is urging people with Windows 2000 SP3 and SP4 to download the security update. For the older versions, Microsoft noted on its Web site that it does not offer security patches for older versions of its software that it no longer supports, unless the vulnerability is rated “critical.” The software giant did not offer any workarounds.

The software giant also released two security advisories on problems that do not necessarily require a patch from Microsoft. One notes that a default setting in Windows Media Player Digital Rights Management could allow a user to open a Web page without requesting permission.

The second is a clarification of Microsoft’s simple mail transfer protocol (SMTP) Tar Pit feature in Windows Server 2003 Service Pack 1 for Exchange Server 2003.