Zero Day windows flaw
The vulnerability affects Windows Server 2003, XP, Vista and Server 2008, according to an advisory issued on Thursday.
If exploited, the bug can allow a user's privilege status to jump from "authenticated user" to "LocalSystem," Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com.
Separately, researchers at McAfee Avert Labs said on Thursday they have detected public exploit code taking advantage of a vulnerability in a Microsoft Works.
McAfee analyst Kevin Beets wrote on the company's blog that the flaw is located in the ActiveX control of Microsoft Works' Image Server. Researchers said the code was posted on a number of Chinese blog sites.