An unpatched flaw in a core component of Windows 2000 might be exploited to launch computer worms
, security researchers warns. The flaw was discovered by security research firm eEye Digital Security. The firm is withholding details pending the release of a software patch. Microsoft is investigating the issue, which is complicated by its decision to wind down support for the operating system.
The flaw affects a core component of Windows 2000 that can't be disabled, meaning a workaround is unlikely, according to security firm eEye, which discovered the bug.
The company said it won't release details of how the flaw works, until Microsoft has issued a patch. However, it said the vulnerability isn't limited to Windows 2000 alone - Internet Explorer, Windows Server 2003, Windows XP and XP SP1 are all vulnerable, its advisory states.