Original URL: http://www.theregister.co.uk/2004/02/16/flaw_on_tuesday_exploit_by/
Flaw on Tuesday, exploit by Monday
Quick on the draw
Posted in Security, 16th February 2004 17:16 GMT
Hackers have created an exploit for the latest critical flaw in Microsoft Windows just days after the vulnerability made headlines worldwide.
The flaw (http://secunia.com/advisories/10759) involves a vulnerability in Microsoft's Abstract Syntax Notation 1 (ASN.1) library which could be exploited to seize control of vulnerable systems.
Windows 2000/XP/2003 are all affected by the vulnerability, which was discovered (http://www.eeye.com/html/Research/Advisories/AD20040210.html) by security researchers at eEye six months ago.
Last week, security vendors advised (http://xforce.iss.net/xforce/alerts/id/164) there was no known exploit for the vulnerability. That view needs to be revised following the publication of an exploit by 23-year-old white hat hacker Christophe Devine on a full disclosure mailing list over the weekend.
Vulnerable systems could only be crashed - and not taken over - using the attack code. Nonetheless the threat level has gone up an extra notch.
Thomas Kristensen, CTO of security Web site Secunia, said "this exploit only causes a Denial of Service, it is still believed that a system compromise is possible". ®
