Windows users should make sure their firewalls are properly configured so they don't fall victim to an attack by way of a new operating system flaw, Microsoft warned in an advisory Thursday. The software giant acknowledged that proof-of-concept exploit code is circulating.
"Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Microsoft Windows 2000 Service Pack 4 (SP4) and in Microsoft Windows XP Service Pack 1 (SP1)," the company said. "This vulnerability could allow an attacker to levy a denial-of-service attack of limited duration."
But the company stressed that the security hole isn't easy to exploit, saying, "On Windows XP Service Pack 1, an attacker must have valid logon credentials to try to exploit this vulnerability… [which] could not be exploited remotely by anonymous users."
Danish vulnerability clearinghouse Secunia said the flaw, discovered by researcher Winny Thomas, "is caused due to a memory allocation error when handling UPnP GetDeviceList requests via RPC." The firm said this could be exploited to cause "services.exe" to consume a large amount of memory for a limited period of time.
Microsoft said the affected component is available remotely to users with standard user accounts, and that customers running Windows XP SP2, Windows Server 2003 and Windows Server 2003 SP1 are not affected.
"Microsoft is not aware of active attacks that use this vulnerability or of customer impact at this time," the software giant added. "However, Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary."
A Microsoft spokesman said in an e-mail that the company was concerned about the flaw not being disclosed responsibly, adding, "We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."
Though no patch is currently available, the company said users should be protected as long as their firewalls are properly enabled.
This article originally appeared on SearchSecurity.com.