Exploit targets Microsoft's latest Windows patch

Windows XP and Windows Vista systems can be exploited if they haven't been updated with Redmond's first patch of 2008, says security firm.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Jan. 30, 2008 11:05 a.m. PT

If you needed further proof that you should always patch Microsoft Windows when Microsoft tells you to do so, there's an exploit that will target Windows XP and Windows Vista systems lacking Microsoft's first patch of 2008.

Security firm Immunity has provided its customers a workable exploit of the TCP/IP (Transmission Control Protocol/Internet Protocol) vulnerability. This is standard practice for subscribers to see whether their system is vulnerable to an attack. However, the presence of an exploit (even one provided under contract) increases the likelihood that someone may offer it or something like it for free on the Internet.

Details of the exploit remain hidden behind a registration system, but a public video is available.

A successful exploit could allow an attacker to take complete control of an affected system and, according to Microsoft, "install programs; view, change, delete data; or create new accounts with full user rights."

If you haven't updated your system with the latest Microsoft patches, you can download MS08-001 here, or update your whole system here.