Microsoft has issued a rare security alert, something it usually doesn't do because then that tells the bad guys where to go look for an exploit. That usually means it's pretty severe.

The problem relates to a vulnerability that could give an unauthorized user access to LocalSystem, a user account not normally accessible by Windows users, as it has extensive privileges within the operating system and access to pretty much the entire system.

This affects Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory, since it contains workarounds.

Microsoft may issue an out-of-band patch if the problem is serious enough, or it will hold off until the next Patch Tuesday, which would be May 13.