Fears are growing of a new Windows worm after security companies reported that exploit code is already circulating for three Microsoft patches released on Tuesday.

Within 24 hours of the patches coming out Symantec's DeepSight Threat Management System issued an alert over patch MS05-051. The security firm has issued a signature for its intrusion detection systems.

"The DeepSight Threat Analyst Team has created the signature to detect attempts to bind to the MSDTC RPC interface," said Symantec in a statement. "It has been successfully tested against a client communicating with the interface. "

At the same time, security testing firm Immunity announced that it had developed exploit code for three Microsoft patches. 

The code has only been shared with trusted partners and is intended as proof-of-concept only. Nevertheless its quick creation has worried many in the industry.

"It is always hard to predict these things, especially with worm outbreaks," said Graham Cluley, senior technology correspondent at Sophos.

"But one group has done this, and others will too. It is not too hard to reverse-engineer a patch by looking at what Microsoft has done, and there were some serious patches in this last batch."

Microsoft is advising IT administrators to patch as soon as possible. The advisories and patches are available here: