The patch (MS05-039) addresses a flaw in the Windows Plug-and-Play system, which automatically recognises and configures devices as they are plugged in to the computer.
Security testers at eEye claim to have found two separate examples of working exploit code in the past few hours that could give full control of a target PC.
"On discovering two instances of exploit code online, the research team conducted thorough testing to confirm that both present a legitimate threat to Windows 2000 systems (completely patched Service Pack 4 with all hotfixes)," said the company in an alert.
"One exploit, released by an anonymous author, will bind a command prompt to TCP port 8721. Users should consider this patch highly critical, and should install it as soon as possible."
Computers running Windows XP and Server 2003 are also at risk, although the exploit is more difficult to use on these machines. Microsoft is urging all users to apply the patch as quickly as possible.
EEye has a free scanning utility for computer users to test whether they are vulnerable.
A nuclear strike has been considered, but Bruce Willis is nowhere in sight
Spray-on antenna could enable seamless integration of antennas with everyday objects
Parker Solar Probe, TESS and GOLD missions will deliver exciting data, claims NASA
But deep learning pulls ahead for complex tasks