Researcher Says Windows XP SP2 Has DoS Bug
"Microsoft is currently investigating public reports of a possible vulnerability in Windows," a spokesman said Friday afternoon. "We have not been made aware of attacks that try to use the reported vulnerability, or of [any] customer impact."
The flaw, rated "Moderately critical" by Secunia and first reported by a site called Security-Protocols.com, reportedly can be exploited against up-to-date and patched XP SP2 systems that have Windows Firewall set in its default configuration.
The researcher who posted the original alert on Security Protocols, who goes by badpack3t, claimed that he had notified Microsoft on May 4, and that Microsoft had informed him it would release a patch for the issue in its August 9 security round-up.
badpack3t has posted a screenshot showing an alleged error screen resulting from the vulnerability.
Microsoft would not confirm that it plans to patch the vulnerability next month, but the spokesperson said that it only affects PCs that have Remote Desktop Service enabled. Remote Desktop, a remote control application tucked into XP, is disabled by default.
As is its norm, the Redmond, Wash.-based developer also criticized the researcher for publicizing the vulnerability before a patch was ready, "putting users at risk," said the spokesperson. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests," she added.