In particular, the exploit contains system fingerprinting code that's not actually used, which suggests the original author is at least familiar with prior exploits found in exploit packs, Beardsley said.
According to Chen, the junk fingerprinting code appears to have been reused in various exploits since at least 2012.
Microsoft's next batch of security updates is scheduled for Oct. 8, but it's not clear if the company will issue a permanent patch for this particular vulnerability at that time.
Beardsley hopes it will. "The Fix It is effective, so I hope it would be straightforward to patch properly," he said.
Sign up for Computerworld eNewsletters.