The bug exists in Windows Vista, Server 2008, Windows 7 and Server 2008 R2, Microsoft said, but not in Windows XP or Server 2003.

Others were less concerned with the new Ping of Death problem. "It's definitely an old-school kind of attack," said Sarwate of Qualys. "But if it is exploited, I think it would be more on the prank side."

"There are easier ways to bring down a [Web] server than this," said Kandek, when asked whether the vulnerability might be exploited by hacking groups such as Anonymous that have knocked major sites offline this year using traditional denial-of-service attacks.

Microsoft also patched other vulnerabilities in Windows, including several two in remote access components of the OS and one in the kernel, as well as bugs in Visio, Visual Studio and the .Net Framework.

August's security patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.