Microsoft today confirmed an unpatched vulnerability in Windows just hours after a hacking toolkit published an exploit for the bug.
A patch is under construction, but Microsoft does not plan to issue an emergency, or "out-of-band," update to fix the flaw.
The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool posted an exploit module crafted by researcher Joshua Drake.
According to Metasploit, successful attacks are capable of compromising victimized PCs, then introducing malware to the machines to pillage them for information or enlist them in a criminal botnet.
More: http://www.computerworld.com/s/article/9203179/
A patch is under construction, but Microsoft does not plan to issue an emergency, or "out-of-band," update to fix the flaw.
The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool posted an exploit module crafted by researcher Joshua Drake.
According to Metasploit, successful attacks are capable of compromising victimized PCs, then introducing malware to the machines to pillage them for information or enlist them in a criminal botnet.
More: http://www.computerworld.com/s/article/9203179/