The US Department of Homeland Security has said that it believes exploits are being created to attack computers compromised by a vulnerability recently disclosed by Microsoft in its Windows operating system.

The vulnerability, which is found in Windows 2000, Windows XP, Windows NT, and Windows Server 2003, first came to light 16 July. The problem relates to the Remote Procedure Call protocol, which allows a computer to run code on a remote system. A malformed request sent over TCP/IP port 135 could result in a buffer overflow, and allow an attacker to install code of his choice, change or delete data, and create new accounts on the PC.

Although Microsoft posted a patch on its TechNet Web site, the US Department of Homeland Security's advisory is intended to get the word out that the vulnerability is both extremely serious, and that there's the potential for attack.

"The Department is concerned that a properly written exploit could rapidly spread on the Internet as a worm or virus in a fashion similar to Code Red or Slammer," said the National Cyber Security Division, part of Homeland's Information Analysis, and Infrastructure Protection directorate, in a statement.

The National Cyber Security Division, created just this June, has the task of detecting, deflecting, and defending against Internet-based attacks on both government and critical private sector networks. The former National Infrastructure Protection Center, which was founded by the FBI in 1998, is now part of this division, and was the agency which released the advisory.

Although Homeland Security didn't disclose the reasons why it released the advisory, it did say that that "exploits are being developed for malicious use".

It recommended that system administrators update at-risk systems as soon as possible, and block TCP and UDP ports 135, 139, and 445 for inbound connections unless they're absolutely necessary for business.

Copyright (c) 2003 CMP Media LLC