WebProNews

Private security firms GreyMagic and Secunia develop proof of concept code, and Microsoft acknowledges the bug does exist.

Stephen Toulouse, an executive at Redmond-based technology power Microsoft, confirmed a flaw exists in Windows Shell.

Victims who would download a malicious file, and then select it in Windows Explorer, could trigger the exploit.

"Our initial investigation has found that significant user interaction would be required for an attacker to exploit this vulnerability," wrote Microsoft program manager Stephen Toulouse on the blog. "We're looking into reports of proof of concept code that has been made public that could seek to exploit this reported vulnerability. On that note, we're not currently aware of any customer impact as a result or an attack that seeks to exploit this vulnerability."

Mr. Toulouse recommended that users block SMB (Server Message Block) traffic at the firewall. If enterprises do that, "Windows 2000 customers connected to the Internet would be at reduced risk from an attack," he added.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.