According to Security firm Finjan, the flaws mean that "attackers can silently and remotely take over an SP2 machine when the user simply browses a web page".
Finjan has informed Microsoft of the flaws and is working with the Redmond, Washington-based giant to sew them up. The company won't provide any details about the flaws, which have yet to be patched, in case it helps hackers and virus writers start work on exploiting the vulnerabilities before Microsoft issues any potential fix.
However, Finjan did give details of what kind of attack the flaws could be used to launch.
One, according to the company, would allow hackers to remotely access users' local files and another flaw could let hackers bypass XP SP2's notification mechanism about downloading and execution of .exe, which could let them download files without warning the user.
Microsoft, however, isn't hitting the panic button just yet.
A Microsoft spokeswoman said "Microsoft is aware of the claims by Finjan Software of possible vulnerabilities in Windows XP SP2. At this time, Microsoft cannot confirm Finjan's claims of 'ten new vulnerabilities' in Windows XP SP2. Moreover, Microsoft is currently unaware of active attacks against customers attempting to utilise the alleged vulnerabilities as reported by Finjan."
"Our early analysis indicates that Finjan's claims are potentially misleading and possibly erroneous regarding the breadth and severity of the alleged vulnerabilities in Windows XP SP2," she added.
Microsoft is investigating the claims and will issue a fix if necessary.
When are computer user getting an operating system that does not require constant updates or a high level of technical expertise.