In its first security alert since Code Red, the company said an attacker could deplete the system's memory, effectively bringing it to a standstill, by sending malformed postings to the NNTP service. Such flaws are known as memory leaks.
The NNTP denial-of-service vulnerability does not allow attackers to gain control of the system or access data.
NNTP is an industry-standard protocol that specifies a method for posting, distributing, searching and archiving news articles on the Internet. The technology is used in the Usenet Internet newsgroup service.
Microsoft's NNTP service is installed by default on Windows 2000 servers and runs by default on Windows NT 4.0 if the Option Pack is installed. However, no groups are set up by default and a system is only vulnerable if newsgroups are configured and set up to accept postings.
An affected Windows NT 4.0 system can be restored by rebooting it, while Windows 2000 systems are designed to automatically restore service, Microsoft said. A patch to repair the flaw is available from www.microsoft.com/technet/security/bulletin/MS01-043.asp.