Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache.

showing how the bug could be leveraged to crash a Windows machine was posted Monday to the Full Disclosure mailing list by Laurent Gaffie.

But security experts believe that more serious attacks are possible.

Kostya Korchinsky, a senior security researcher with security-assessment software vendor Immunity, said the flaw could be exploited in a privilege-escalation attack. This type of attack is used once the attacker has already found a way to run software on the victim's machine. It gives the hacker a way of accessing system resources that would otherwise be prohibited.

A more dangerous "remote-code execution" attack "might be possible, but it would be a lot more difficult," Korchinsky said. With remote-code execution, the attacker is able to run unauthorized software on the victim's machine.