Microsoft has rolled out an out-of-cycle patch for all its Windows releases dating back to 2000, which fixes a flaw allowing remote code execution without the owner's consent.
The bulletin, released yesterday, outlines a flaw in the Server service which allows for remote code execution upon receipt of a specially crafted RPC request – which is to say that this vulnerability does not require user interaction to exploit, making it a particularly nasty little bug. While the flaw requires that your firewall rules allow RPC requests in, it's certainly easier to exploit than most modern Windows vulnerabilities – and trivial from within a local network.
Interestingly, the flaw – which dates right back to Windows' roots in the New Technology (NT) era – also affects the latest pre-beta release of Windows 7, the next-generation Microsoft OS. Although the flaw still exists in Windows 7, it's not quite as bad there as in prior versions – an attacker must already be authenticated against the target system, which is not required for previous versions of Windows. As a result, Microsoft rates the bug as 'Important' rather than 'Critical' for this OS.