Cyber crooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft has warned.
The attacks target Windows 2000 Server and Windows Server 2003 systems through a hole in the domain name system, or DNS, service, Microsoft said in a security advisory. The attacks happen by sending rigged data to the service, which by design is meant to help map text-based internet addresses to numeric internet protocol (IP) addresses.
Windows XP and Windows Vista are not impacted by the DNS flaw. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said.