Hackers have exposed details of a previously undocumented flaw in Microsoft's handling of Wi-Fi which affects users of Windows 2000 and XP.

The vulnerability was detailed at the Shmoocon hackers conference in Washington DC by self-confessed hacker Mark Loveless, (aka Simple Nomad), a senior security researcher for Vernier Threat Labs.

Loveless explained that the issue centres on the way in which the operating systems look for wireless networks during start-up.

When a Wi-Fi equipped laptop starts up using Windows 2000 or XP it immediately starts scanning for wireless networks. If none is found it sets up an ad hoc link using the name of the last wireless network accessed.

If a hacker was aware of the last used network ID, for example knowing the name of a corporate Wi-Fi network address, it could be used to establish a direct local link with the Windows PC offering access to all local drives.

However, the problem only arises if the target machine is not running a firewall. One of the changes in Windows XP SP2 turns the built-in firewall on by default.

Microsoft is aware of the problem, according to a report in the Washington Post, and has promised a fix in the next Windows service pack.