Code that exploits a critical Windows vulnerability disclosed and patched last week has been posted to a public mailing list, raising the risk of an attack, security vendors said Wednesday. The exploit code, which appeared on the Bugtraq list Tuesday, targets a flaw in Windows’ Vector Markup Language rendering that was patched Jan. 9 in Microsoft’s monthly security update. VML, an extension of XML that defines Web images in vector graphics format, had been patched before this month; in September 2006, for example, Microsoft issued a fix outside its normally-scheduled cycle.

View: Full Story
Source: InformationWeek via MSFN