On Thursday, Microsoft revised a security advisory it first posted April 19 about a bug in Windows XP, Vista, Server 2003 and Server 2008 that could be exploited to gain additional privileges on vulnerable machines. “Exploit code has been published on the Internet for the vulnerability addressed by this advisory,” confirmed Bill Sisk, a communications manager at Microsoft’s Security Response Center in a post to the MSRC blog. In late March, Argentinean security researcher Cesar Cerrudo announced he had found a bug that could let attackers bypass some of the security schemes in the newest versions of the operating system, including Windows Server 2008. “Basically, if you can run code under any service in Windows Server 2003 then you can own Windows,” he added. Microsoft has yet to issue a fix for the flaw; since April its own move has been to recommend work-arounds for customers running Internet Information Services.