23 June 2009
By Gregg Keizer, Computerworld (US online)
An exploit of unpatched Microsoft vulnerability has been added to a multi-strike attack toolkit, according to security company Symantec. The company said that this may mean attacks will increase soon.
Symantec said that an in-the-wild exploit of the DirectShow bug, which Microsoft acknowledged a month ago, has been added to at least one web-based attack kit. "This will likely lead to widespread use in a short time," said Liam Murchu, a researcher with Symantec's security response group, in blog entry.
Microsoft has not yet issued a fix for the DirectShow bug, which affects Windows 2000, XP and Server 2003, but not the newer Windows Vista or Server 2008. The flaw also doesn't affect the not-yet-released Windows 7.
Enter to win* a free holiday tech gift!
CNET's giving five lucky winners the gift of their choice valued up to $250!