An exploit code has popped up on several hacking Web sites for a critical
flaw only days after Redmond issued a patch
The patch, which addresses a vulnerability in the Windows Plug-and-Play system, automatically recognizes and configures devices plugged in to the computer.
The exploit can lead to a remote system compromise, allowing an attacker to take control of an affected computer, according security firm eEye.
This flaw is similar to other serious vulnerabilities that have been used in the past to create worms such as Blaster and Sasser, eEye said.
“On discovering two instances of exploit code online, the research team conducted thorough testing to confirm that both present a legitimate threat to Windows 2000 systems,” the company said in an alert.
Researchers at eEye say two working exploits appeared in the past few days that could give a hacker control of a target PC.
Updated versions of Windows Server 2003 and Windows XP are not as vulnerable as Windows 2000, but still could be affected by remote users or those within local systems, the company said.
On Tuesday, as part of its monthly patch program, Microsoft said the Windows 2000 system is an easy target for the plug-and-play and print spooler vulnerabilities.
“Windows 2000 systems are primarily at risk from this vulnerability,” the bulletin said.
Computers running Windows XP and Server 2003 are also at risk, according to eEye, however the exploit is more difficult to use on these machines.
“One exploit, released by an anonymous author, will bind a command prompt to TCP port 8721. Users should consider this patch highly critical, and should install it as soon as possible,” Microsoft said.