Users of Microsoft's Host Integration Server 2006 are vulnerable to attack unless they rapidly deploy the patches the company has issued.
The exploit was released earlier this week as part of the Metasploit hacking toolkit.
Microsoft released a patch for this flaw on Tuesday, as part of its monthly security updates. The bug lies in the SNA remote procedure call used by the server to communicate with the mainframe.
Normally, this service would be blocked by a firewall and in a typical configuration the attacker would need to have an account on the Host Integration Server in order to launch the attack. However, poorly configured machines such as test systems might be vulnerable to an attack, said Russ Cooper, a manager with Verizon Business's RISK Team.
This Host Integration Server flaw was one of 20 security bugs patched by Microsoft this month, but it is the first to be exploited by hackers since the patches were released Tuesday.