A patch is now available to fix a serious security vulnerability that was discovered in the popular internet firewall software BlackICE Defender. The flaw could allow a user's machine to be taken over by an electronic attacker.

In an announcement late last week, ISS, the maker of BlackICE Defender and other security software products, acknowledged that the problem exists for users running the application on Microsoft Windows 2000 or XP.

BlackICE Defender users running the program on other Windows operating systems are not affected, according to the company.

The problem, called a ping flood vulnerability, can allow an attacker to intentionally crash or take control of computers running the firewall software by sending a large number of data packets to them, causing an electronic flood of data that overwhelms the application.

ISS isn't happy about this, partly because it says the vulnerability was exposed by a competitor that has yet to demo an 'in the wild' case or a remote attack in practise.

Patches are available for download on the company's website, here.

The affected applications are BlackICE Defender 2.9 and BlackICE Defender for Server 2.9.