Microsoft has announced its Windows 2000, Windows XP and Windows Server 2003 operating systems are susceptible to denial-of-service attacks. The vulnerability is caused by a problem in the Remote Desktop Protocol.

Microsoft confirmed the flaw lay in the way Windows handles remote desktop requests and that an attacker could cause a PC to crash by sending a malformed remote request. However, they were quick to note they were not aware of any attempts to exploit the vulnerability.

The software company issued an announcement on the security hole on Friday after a researcher discovered the flaw in XP and published an advisory. Microsoft said it is working on a patch.

Remote Desktop Protocol (RDP) allows remote access to Windows systems. Remote Desktop Sharing and Remote Assistance in Windows XP, as well as terminal services in Windows 2000 and Windows Server 2003 include RDP.

Most Windows versions ship with RDP disabled but the protocol is turned on in Windows XP Media Center Edition.

Microsoft said only computers using services that have RDP enabled are vulnerable.