Microsoft revealed the Windows flaw over two weeks ago, but it is expected that thousands of computer users have not yet patched the flaw.
According to the alert the computers affected will be those using the following operating systems:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Services Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
The alert was issued by the DHS Information Analysis and Infrastructure Protection (IAIP) National Cyber Security Division (NCSD), and updates an earlier warning given on 24th July.
The Microsoft flaw is such that, according to the alert:
"An attacker who successfully exploited this vulnerability would be able to run code with local system privileges on an affected system. The attacker would be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges."
Moreover, the exploit could form the basis of an attack on the internet itself. If a computer becomes infected, there is great concern that it could be used by an attacker to launch further cyber attacks on different vulnerabilities in other computers. This could happen at great speed and to serious effect, according to the alert.
Steve Lipner, a senior Microsoft security executive, told CNN.com on Thursday, "We know it's possible to write a worm for it. We don't know whether a worm will be written for it." He added, "It's certainly one [flaw] that we look at and say, 'Gee, we'd really like everybody to put that patch on."'
At the time of the alert no such worm code had been found, but there had been a perceptible increase in programs scouring the internet for vulnerable computers. However, on Friday, anti-virus firms warned of another new worm, dubbed worm/MiMail.A, also known as W32.Mimail.A@mm, which will mail itself from infected computers.
The company has described it as merely annoying.
Meanwhile, Microsoft's own web site was disabled on Friday for one hour and forty minutes, after being hit by a denial of service attack on the same day as the opening of an international hackers conference. The incident was unrelated to the security and worm concerns.