Another malicious code could be used to attack Windows

Code is beginning to spread on the Internet that poses a threat to Windows 2000 or Windows XP without security patches.

EEye Digital Security reported discovering code on the Internet that affected improperly updated Windows 2000 and Windows XP (SP1) operating systems. The company has classified the code as a medium-threat threat, as it is difficult to use for remote attacks in Windows 2000 and not for remote attacks in Windows XP SP1.

According to eEye Digital Security, code can be used to initiate denial-of-service attacks that make computer resources completely occupied. Running code on Windows 2000 operating systems is only possible if attackers find an RPC port open. This is not available when using a properly configured firewall. For Windows XP SP1, the code is a threat only if an attacker can log on locally to the selected computer.

Microsoft recommends that you upgrade your operating systems and use a firewall to prevent attacks. The company believes that it is important to install the hotfix that is included with security bulletin MS05-047 to address the risks posed by the above malicious code.