Microsoft said that "limited and targeted" attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. The flawed converter handles Microsoft Word 97 files on Windows 2000 Service Pack 4 (SP4), XP SP2, Server 2003 SP1 and SP2.

Newer versions of Windows -- XP SP3, Vista and Server 2008 -- are not vulnerable to the bug, however, Security Advisory (960906) .