Microsoft's scheduled `Patch Tuesday' release on March 13 had the company announcing six update patches, including one that fixes a `critical' Windows vulnerability - dubbed CVE-2012-0002 - which allows hackers to remotely gain control of a computer without authentication.

The critical flaw - the only one for this month's Patch Tuesday release - was fixed in the Remote Desktop Protocol (RDP) service of the operating system; and it reportedly affected all supported versions of Windows, including Windows XP, Vista and 7, and Windows Server 2003, and 2008.

According to Microsoft, the critical update chiefly plugs two security holes in the RDP service which basically allows administrators to access Windows systems remotely over a network. Since RDP is not a `default' enabling on standard Windows installations, the vulnerabilities pose a much greater threat to businesses as compared to consumer systems.

Terming the flaw as "a pre-authentication, remote code bug," Andrew Storms, director of security operations at nCircle Security, said: "It will allow network execution without any authentication, and has all the ingredients for a class worm."

Meanwhile, in the opinion of Dave Marcus, McAfee Labs' director of advanced research and threat intelligence, the March Patch Tuesday bulletin by Microsoft should be deemed a top priority, especially in the wake of the fact that the company has given its "exploitability index" a rating of 1; thus implying that Microsoft is likely to make the working exploits available within a month's time.