Exploit code for the latest critical Microsoft software vulnerability has been released onto the internet, meaning attacks via the bug are now much more likely, and the chances of a worm exploiting the flaw have increased.
The vulnerability caused more concern than most because it is in the component of many Microsoft applications that renders JPEG images. This means a specially crafted image, in a web page or email, can compromise a PC with no user action required.
The vulnerability is in the GDI+ library found in Windows versions before XP Service Pack 2 and some Microsoft Office and image-handling applications. A patch has been available for over a week.
Security researchers expect that the exploit could be incorporated fairly easily into an email worm, which would differ from most in that it would often not require the user to click on anything to execute.