An unpatched flaw in a core component of Windows 2000 might be exploited to launch computer worms, security researchers warns. The flaw was discovered by security research firm eEye Digital Security. The firm is withholding details pending the release of a software patch. Microsoft is investigating the issue, which is complicated by its decision to wind down support for the operating system.

The flaw affects a core component of Windows 2000 that can't be disabled, meaning a workaround is unlikely, according to security firm eEye, which discovered the bug.

The company said it won't release details of how the flaw works, until Microsoft has issued a patch. However, it said the vulnerability isn't limited to Windows 2000 alone - Internet Explorer, Windows Server 2003, Windows XP and XP SP1 are all vulnerable, its advisory states.