Microsoft today warned that hackers are already exploiting serious vulnerabilities in the Windows operating system for which it issued patches earlier this week.
The patches are classed as “critical” by Microsoft as the vulnerabilities allow remote attackers to take over users’ machines with little user interaction.
One problem affects the Microsoft Colour Management Module, a Windows component that handles colours. The other is related to the JView Profiler, part of Windows’ Java Virtual Machine platform.
Security research companies are reporting that the JView Profiler vulnerability is already being used by attackers to download trojan viruses onto users’ PCs, in an attempt to turn them into “zombie” computers and distribute malware and spam to other users.
The JView Profiler threat can be set off by users visiting a malicious website and the Colour Management Module flaw can be exploited when users click on a malicious image.
A third flaw in Word 2000 and 2002 has also been patched in Microsoft’s monthly patching cycle. Like the others, this flaw has been described as critical.