Exploit code has been published on the internet that can take advantage of security flaws in Windows XP SP1 and all versions of Windows 2000, Microsoft has warned.
The code, circulating on the internet, can be used to launch denial of service attacks through the two operating systems.
Although the threat has so far not been patched by Microsoft, the vulnerability is classed only as moderate because remote attackers would first have to gain security access to a user’s machine via a firewall, and start an attack from within an organisation.
The vulnerability was discovered by a security researcher in India who reverse-engineered a patch Microsoft issued last month to close a security flaw in a Windows plug-and-play feature.
Microsoft said it was looking into the matter, but said it was concerned that the flaw had been reported before it was told of the problem.
Security researchers have criticised Microsoft in the past for not acting quickly enough after going to the company with new flaws before they are made public.
Microsoft’s next monthly patching release is scheduled for 13 December.