Microsoft is baffled by these latest exploits and will only say that a "significant number" of servers have been affected.
Gunter Ollmann, manager of Internet Security Systems' X-Force security assessment service, said the problem does not appear to be a worm but may be an automated brute-force attack that searches the Internet for vulnerable servers.
Brute-force attacks usually bombard servers with a dictionary of potential passwords to find a victim, but Ollmann said this may be a variant that seeks out unsecured ports.
The attacks could be extremely serious because the exploit installs a backdoor to systems for future access and can change Active Directory security permissions to create unauthorised accounts with administrator privileges.
Microsoft's advice on finding and eradicating the problem can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328691