Microsoft has warned that exploit code is already circulating on the internet that can take advantage of two of the security holes it issued patches for this week.
Two critical security flaws allow remote hackers to take complete control of a user’s machine via holes in Microsoft’s Windows Media Player and Windows/MSN Messenger instant messaging applications.
The rogue code has been reported by various security software companies, including McAfee, which has called the exploit “Exploit-PNGfile”. The applications in question can be attacked using malformed PNG image files.
Security company Websense warned on Tuesday, the day of the patch issue, that hackers would soon be circulating exploit information for the security holes.
Microsoft issued 12 security patches this week, eight of which it classed as critical. The company said the issued patches would prevent the reported exploit code working.