Microsoft's major patch this week apparently failed to close two zero-day vulnerabilities in older operating systems – although those running Vista and XP with SP3 are not at risk.
Despite the patch bringing 28 fixes, there are still widely reported problems with Internet Explorer and WordPad.
The problem will only affect those people running Windows XP service pack 2, Server 2003 and older operating systems such as Windows 2000.
Microsoft has blogged about the problem with WordPad – which affects the wordpad text converter for Word 97.
"Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2," said the blog
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
"At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited."
The blog also warns that the vulnerability could let the attacker gain the same rights as the user – which obviously would not bode well if you have admin access.