The vulnerability in Microsoft's operating system could enable
remote intruders to enter a PC via its Internet Protocol address, Marc
Maiffret, chief hacking officer at eEye Digital Security, said on
Wednesday. As no action on the part of the computer user is required,
the flaw could easily be exploited to create a worm attack, he noted.
What may be particularly problematic with this unpatched security hole is that a work-around is unlikely, he said.
“You can't turn this (vulnerable) component off,” Maiffret said. “It's always on. You can't disable it. You can't uninstall.”
eEye declined to give more details on the flaw or the Windows 2000
component in question. As part of company policy, it does not release
technical details of the vulnerabilities it finds until the software's
maker has released either a patch or an advisory.