The attack uses a vulnerability that Microsoft described in security bulletin
MS06-040.
The bulletin describes a buffer overflow vulnerability in the Windows Server component,
affecting Windows 2000, Windows XP and Windows Server 2003.
The exploit only works on systems running Windows 2000 or Windows XP without
any service packs. Most Windows XP systems run service pack 2.
Attackers can contact the affected component through TCP ports 139 and 445.
Both ports are used for NetBIOS sessions including Windows File and Printer
sharing.
The exploit prompted the US Department of Homeland Security to issue a press
release urging users to apply Tuesday's patch.
Few security experts were surprised by the speed at which online criminals
started exploiting the vulnerability.
Bojan Zdrnja, with the SANS Internet Storm Center and a security researcher for
the University of Auckland, warned that the code will cause more widespread
attacks as less sophisticated virus writers start creating copy-cat malware.
"It's just a matter of time when script kiddies will start using this, if
they haven't already," said Zdrnja.
"We can expect that this exploit will soon be added to the attack arsenal of
bots such as Sdbot and similar. In other words – patch!"
The MS06-040 exploit marks the first new attack following this week's
Microsoft patch release.
The patch plugged 23 security vulnerabilities, 11 of which were actively
being exploited at the time of the release.