Attack code exploiting a recently-patched vulnerability in Microsoft’s Windows operating system has been posted to the Internet, prompting concerns of a widespread attack

. The software was added to the widely used Metasploit project–a favorite of both security researchers and malicious hackers–at around 1 a.m. Thursday morning Pacific Time, according to H.D. Moore, the Metasploit project leader. "It works very reliably against Windows 2000 and Windows XP systems that do not have SP2 [Service Pack 2] installed," he said in an e-mail.

Security experts had worried that the Windows Server services vulnerability–described in Microsoft Security Bulletin MS06-040–could be used in a widespread worm attack. Windows Server services are generally enabled by default on Windows systems, and are used for common network applications like file sharing and printing