"Patch as quickly as possible," advised Qualys CTO Wolfgang Kandek. "Now that the vulnerability is disclosed we expect the attack code to spread widely and get integrated into exploit kits and attack frameworks."
On the acknowledgments page, Microsoft thanked Clement Lecigne of Google for reporting the memory corruption flaw. Unlike some past Microsoft vulnerability disclosures, this one was not publicly revealed. The fact that it is being actively exploited might be "a case where both researchers and underground found it around the same time," Kandek suggested.
Sign up for Computerworld eNewsletters.