A critical Windows remote code execution vulnerability disclosed last week is already being exploited in the wild. Security companies warn that attackers are luring unsuspecting users onto malicious Web pages that leverage the flaw to install malware on their computers.
Last Thursday, Tavis Ormandy, an information security engineer at Google, revealed details about a previously unknown vulnerability in the Windows Help and Support Center. Because his disclosure included fully working exploitation code and Microsoft was given only five days' advance notice to patch the bug, many people in the information security community accused Ormandy of acting irresponsibly.
"Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an additional malicious component (Troj/Drop-FS) on the victim’s computer, by exploiting this vulnerability," Donato Ferrante, a security researcher at Sophos, announced yesterday.
"In my opinion publishing exploit code was utterly irresponsible behaviour, and I was worried that having such information floating around the internet would make it easy for cybercriminals to take advantage," Graham Cluley, the company's senior technology consultant, commented.
Unpatched Windows Vulnerability Actively Exploited in the Wild - Attacks target Windows XP users - Softpedia