Rogue code has been posted on the internet that could exploit a flaw in unpatched Microsoft Host Integration Servers.
The exploit forms part of Metasploit, a toolkit used by penetration testers and criminal hackers.
This Tuesday, Microsoft issued security bulletin MS08-059 to address the vulnerability posed to host servers.
Microsoft said the the vulnerability could allow remote code execution "if an attacker sent a specially crafted remote procedure call request to an affected system".
Redmond said the patch was a priority for system administrators. The rogue code could, however, be used by hackers before some organisations have time to check the suitabality of the patch for their systems.