Internet Security Systems (Nasdaq: ISS) has discovered a flaw in the Windows “Plug and Play” service and notified its customers about the problem, ISS said Wednesday.

Microsoft noted the flaw in a monthly security bulletin issued Tuesday.

The service is for the installation, configuration and notification of new devices for an enterprise.

ISS said its X-Force team discovered a’ “exploitable” opening in the default configuration of Windows 2000 and is “present in all modern Windows operating systems”.

“ISS X-Force believes there is a probability that this vulnerability will be exploited as a worm, most likely in a targeted fashion, but also possibly as a broader worm attack against the Windows 2000 Operating System,” ISS said in a statement.