Microsoft definite that Windows XP and Windows Server 2003 include an unpatched bug that might be used to infect computers by deceives users into visiting arrange Web sites or opening assault e-mail.

The corporation said it has seen no dynamic in-the-wild attacks utilize the weakness.

The bug in Windows' Assist and Support Center a module that allows users access and download Microsoft help files from Web doesn't appropriately parse "hcp" procedure handler, Microsoft said in an advisory issued.

Attackers can influence the susceptibility by attractive users to hateful or hacked Web sites, or by believable those to open malformed e-mail messages.

Windows Vista, Windows 7, Windows Server and Windows Server 2008 R2 are not susceptible to the assault.

Microsoft plans to create a patch, but has not put a launch date. "Microsoft is at present working to expand a safety update for Windows to address this weakness," the suggested stated.

July 13 is Microsoft's next planned Patch, but it occasionally issues patches exterior its monthly plan. The last time it did so was in behind March when it fixed a bug in Internet Explorer that attackers were assertively exploiting.