Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch.
The attack code exploits a flaw in the way Windows handles Vector Markup Language, or VML, documents, which are used for a type of high-quality graphic on the Web. The bug lies in a Windows component called “vgx.dll” that supports these files.
Microsoft provided a fix for the flaw last week with security bulletin MS07-004. At the time, the company warned that it had already seen limited cyberattacks exploiting the vulnerability. However, attack code hadn’t been available publicly. On Tuesday, exploit code was published to a widely read online security forum.
“Microsoft is aware that detailed exploit code was published on the Internet that may take advantage of the vulnerability addressed by Microsoft security bulletin MS07-004,” a company representative said in a statement. “Microsoft encourages all customers to apply the most recent security updates.”
Prior to the public posting of the exploit, other code that takes advantage of the flaw had been made available to users of a security testing tool made by Immunity. However, these attack blueprints are private, supplied to people who pay for the tool.