Microsoft on Tuesday issued a security advisory for athat was made public on Monday.
The flaw affects certain versions of Microsoft Internet Information Services product, but to be exploited it requires a user to have the FTP function enabled. The flaw could allow an attacker to take over the server.
In its advisory, Microsoft said it has not seen any active attacks, although it acknowledges that detailed exploit code was published to the Web.
Microsoft said it is still working on patching the flaw but said the advisory has advice that customers can use to protect themselves.
"Microsoft is currently working to develop a security update for this issue to address this vulnerability and will release it once it has reached an appropriate level of quality for broad distribution," Microsoft said.
In a posting on Monday, the U.S. Computer Emergency Readiness Team (US-CERT) suggested IT administrators "disable anonymous write access to the FTP server to help mitigate the vulnerability" but added that "a proper impact analysis should be performed prior to taking defensive measures."