The vulnerability involves a flaw in the debugger's authorisation feature. The flaw lets any user run any program on the system, with the highest privileges.
The hole could be used in conjunction with other Windows vulnerabilities that allow a remote attacker to run as a local user, said Marc Maiffret, chief hacking officer with networkprotection company eEye Digital Security.
"By itself, I would say it's not that dangerous, but coupled with other vulnerabilities, it's nasty," Maiffret said. "It makes threats like Nimda possible."
The Nimda worm used a similar double whammy to gain base-level access to a system and then elevate its privileges to take control of the infected computer.
Microsoft gave the vulnerability a "critical" rating for client systems but would not estimate what portion of Windows NT 4.0 and Windows 2000 computers might be vulnerable to the new flaw.
"Being able to log on to the computer in the first place, and being able to run code (once logged on), are the two limiting factors for this flaw," said Christopher Budd, security program manager for Microsoft's security response centre.
For example, a guest account could be co-opted by an attacker and used to exploit the flaw to run code only if the system's administrator allowed guests access to the console and let them introduce code to the machine, Budd said.
Microsoft has posted an advisory and a patch for the problem.
Microsoft has been arguing to the US Department of Defense that "open source" software is un-American (as well as affecting it's income). That is taking patriotism a bit too far, especially when this article shows that it is independents examining Microsoft's proprietary code who are generally the ones finding the bugs. The more people who can easily examine open source code might mean making it easier for hackers to find weaknesses. But it also means that professional users can also find those weaknesses and develop ways of strengthening them.