The bug, which does not affect Microsoft's new and highly touted Windows Vista, was given a "high severity" rating, said Sean Martin, a director at eEye, in an interview. It affects Windows 2000, Windows 2003, and Windows XP.
The bug was reported to Microsoft on March 27.
Martin declined to give more information on the bug, saying he doesn't want to make it easier for hackers to discover the vulnerability before Microsoft can get a patch out for it.
He did note, however, that the bug is not connected to the .ANI vulnerability that has been plaguing Windows users and researchers for the past week.
It's been a tough week for Microsoft, which was forced to release an emergency patch for the .ANI flaw this past Tuesday. The company had planned on releasing it as part of its monthly Patch Tuesday security update on April 10 but pushed it out early because of the mounting exploits, spam attacks, and malware that were taking advantage of it.