Hackers exploit second Microsoft flaw

Exploit code has been found in the wild that targets a Microsoft vulnerability that the software giant patched just last week, security experts warned today.

Web monitoring firm Websense reported that a Swedish-hosted website has been engineered with malware built in that exploits a flaw in unpatched versions of Internet Explorer. The flaw allows hackers to gain complete control of PCs visiting the infected site.

"At this time, malicious websites have been observed to exploit this vulnerability by downloading and running code on the end user's machine," said the company in a statement.

"We expect to see additional exploits of MS05-038 in the near future, as it is very new and allows privileged access to the machine."

The website containing the code purports to be advertising pharmaceutical products and its URL has been spammed out to millions of inboxes. Owing to a small flaw in the malware, visitors to the site will also suffer a browser crash.

This is the second Microsoft patch to be cracked in less than a week. Exploit code for another patch appeared on Friday and by Monday had been used in a worm that is hitting Windows 2000 systems particularly hard.

Six Microsoft patches on the way

Latest batch includes one rated 'critical'  05 Aug 2005

Microsoft admits to Media Center hole

Security flaw could allow hackers to crash PCs  18 Jul 2005

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!