Microsoft has released a patch for a critical flaw in Windows Exchange Server 2003, Windows XP, 2000 and NT 4.
The flaw involves the Remote Procedure Call (RPC) protocol, which deals with inter-computer communications. Microsoft warned that, under certain circumstances, the RPC might not check messages sent to the PC properly.
If a malformed message is sent to the target PC it can be routed through port 135 and used to run code on the infected PC.
A patch is available here.
"Microsoft has rightly classified this vulnerability as 'critical', said Pete Philips, penetration tester with security vendor Integralis.
"Any host with port 135 open to a hostile environment, such as the internet, is very vulnerable. We'd recommend patching as a matter of urgency."
The other two flaws are less serious. The first is a problem with Windows shell, the basic graphical user interface framework. If a hacker can introduce a corrupted desktop .ini file to the host PC they could then either crash the system or run software, although the flaw would not affect security settings.
The final flaw concerns ISA Server. To use it a hacker would have to set up his or her own ISA Server to host a web page containing malware.
A victim would be persuaded to visit the web page or would receive the web address in an HTML email.
The news is another blow to Microsoft's reputation, only last week it warned of three more flaws it had discovered.
More information and patches are available here.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago