That scenario could be trouble, as several security firms have produced working code that allow attackers to take control of Windows 2000 machines, raising expectations that a fast-spreading Internet worm will soon target the vulnerability. Millions of web sites around the world continue to run on Windows 2000, including 18 companies in the Fortune 100 and 33 in the UK’s FTSE 100.
While no exploit code has been publicly released, security researchers are concerned about a worm emerging. “We’re not currently aware of active attacks that use this exploit code or of customer impact at this time,” noted Stephen Toulouse from the Microsoft Security Response Center. “This just illustrates the danger out there however and we want to reiterate: if you are running the older versions of the operating systems, like Windows 2000, we strongly urge you to deploy the critical updates for that platform, like MS05-051, as soon as possible!”