A number of security research groups are reporting the emergence of a worm targeting a flaw in the Windows Server Service.
The vulnerability was disclosed and patched last week by Microsoft in an emergency 'out of cycle' update.
The flaw is especially dangerous for Windows 2000, XP and Server 2003 because it can be exploited without user interaction.
Although the flaw is also being patched on Windows Vista and Server 2007 systems, the vulnerability is considered to be a lower risk as it requires user authentication to execute the attack code.
The vulnerability lies within the Server Service component of Windows, and can be targeted to remotely execute an attack though an automated 'worm' program.
Security experts said that the severity of the flaw brings back memories of the infamous 'Code Red' and 'Nimda' worms of years past.
Users and administrators who have not already installed the Microsoft patch are urged to do so. US-Cert also recommends that users maintain updated antivirus on their systems to prevent attacks.