The vulnerability had not been made public until Microsoft released a fix on 14 November as part of its monthly security patch cycle. Three hours later, an exploit targeting unpatched systems was released.
Kostya Korchinsky, a senior analyst at Immunity Inc, confirmed to vnunet.com that within one hour of the patch's release, the firm had posted proof-of-concept code on the vulnerability. Within three hours, Immunity had a fully working exploit.
The exploit targets a vulnerability in the Windows Workstation service, a networking component that handles printer and file access operations. Microsoft said that the flaw could allow an attacker to gain complete control of system.
The attack is carried out through a server containing the exploit code when the user's machine receives a request to join a network. This could occur on a local network or through the internet.
For users running Windows 2000 Service Pack 4, the vulnerability is classified by Microsoft as 'critical'.
For Windows XP Service Pack 2, the vulnerability is classified as 'low' because an attacker would need to be logged into the machine under an administrator account to execute the attack.
Microsoft and Immunity Inc were unaware of any exploits actively taking place. Microsoft recommends users to install the 14 November security update to patch the vulnerability.
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way
The most luminous galaxy ever discovered is cannibalising at least three of its smaller neighbours, study finds
The galaxy radiates at 350 trillion times the luminosity of the Sun