If the worm successfully infects a PC it allows hackers to gain access over the computer, giving them the ability to control what it does and steal information from the unsuspecting user.
"This flaw in Microsoft's code has only been known about for a handful of days, and already there is a worm which is taking advantage of the problem in its attempt to infect as many PCs as possible. Time and time again hackers are forcing companies like Microsoft to scrabble around to develop, test and roll-out a software patch," said Graham Cluley, senior technology consultant for Sophos. "Businesses should ensure that their computers are properly configured, and protected with up-to-date anti-virus software, hardened firewalls and patches."
The worm can also exploit a vulnerability present in Symantec's anti-virus product line, which was patched a year ago.
Microsoft has published an advisory on its Web site giving guidance to companies who may be affected by the flaw in its software.
The news of the worm comes a week after Microsoft patched a series of other critical vulnerabilities in its software.
"The computer underground appear[s] to be ... in waiting until Microsoft has released its monthly batch of patches, before unleashing their latest attacks," continued Cluley. "It's not just businesses who are being affected by this, but Microsoft will not be enjoying having the security of their software brought into question again."
