The code for one of the Windows vulnerabilities that was exploited by the Stuxnet virus has been released to the public.
According to eWeek, the exploit code, which was released to the Exploit Database operated by Offensive Security, is based on a vulnerability found in the Windows Task Scheduler.
Microsoft has acknowledged the public release of the exploit code and has assured that a patch for the flaw will be released soon.
Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement: “We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine.”
“A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future,” he added.
The vulnerability is one of four flaws that were exploited by the Stuxnet worm. The other three have already been patched.