The vulnerability had not been made public until Microsoft released a fix on 14 November as part of its monthly security patch cycle. Three hours later, an exploit targeting unpatched systems was released.
Kostya Korchinsky, a senior analyst at Immunity Inc, confirmed to vnunet.com that within one hour of the patch's release, the firm had posted proof-of-concept code on the vulnerability. Within three hours, Immunity had a fully working exploit.
The exploit targets a vulnerability in the Windows Workstation service, a networking component that handles printer and file access operations. Microsoft said that the flaw could allow an attacker to gain complete control of system.
The attack is carried out through a server containing the exploit code when the user's machine receives a request to join a network. This could occur on a local network or through the internet.
For users running Windows 2000 Service Pack 4, the vulnerability is classified by Microsoft as 'critical'.
For Windows XP Service Pack 2, the vulnerability is classified as 'low' because an attacker would need to be logged into the machine under an administrator account to execute the attack.
Microsoft and Immunity Inc were unaware of any exploits actively taking place. Microsoft recommends users to install the 14 November security update to patch the vulnerability.
Would you want to live in a world without memes?
Traditional theories debunked by new study
Scientists closer to developing material capable of splitting water for better storage of solar energy
Experiments needed to see if the material works in the real world
Developers first in the queue to test TensorRT and TensorFlow integration tools running on Nvidia GPUs