Controversial Windows XP vulnerability now being exploited

Malware downloads and executes an additional malicious component

The Windows XP exploit that was published by a Google engineer last week is now being exploited in the wild, according to researchers at Sophos Labs.

The vulnerability, which could allow remote code execution if a user views a specially crafted Web page using a Web browser, or clicks a specially crafted link in an e-mail message, was published by Tavis Ormandy just five days after he alerted Microsoft to the problem.

Sophos reported Tuesday that its labs received the first pro-active detection on malware that is spreading via a compromised website.

"This malware downloads and executes an additional malicious component (which will shortly be detected as Troj/Drop-FS) on the victim's computer, by exploiting this vulnerability," according to a blog post on the Sophos site.

Ormandy's publication of the vulnerability's details have been the subject of much criticism in the last week. Ormandy, who said the exploit is possible through most browsers, posted details of the vulnerability and proof-of-concept code to the Full Disclosure listserv - only days after giving Microsoft the information.

Many said with his publication, Ormandy had ignored the rules of responsible disclosure of security vulnerabilities. Ormandy said he went public with the information because he believed his discovery would have otherwise been dismissed by Microsoft.

Read more about data protection in CSOonline's Data Protection section.