Microsoft has warned Windows users that exploit code circulating on the internet could take advantage of a critical security hole in its operating system.
The exploit code was disclosed by internet security site Metasploit Project. Microsoft criticised the site for publicising the code, but Metasploit accused Microsoft of attempting to gag important security information.
Microsoft said, "Detailed exploit code has been published on the internet for the vulnerability that is addressed by Microsoft security bulletin MS06-025. Microsoft is not currently aware of active attacks that use this exploit code or of any customer impact at this time."
Microsoft is encouraging users to install the security patch as soon as possible to prevent any attack using the exploit.
MS06-025 was released as part of Microsoft’s monthly scheduled security patching cycle earlier this month. It addresses two related critical flaws in Windows’ Remote Access Connection Manager service.
The bug could be used to take over users’ Windows systems, said Microsoft, without any user interaction.