Roland Dela Paz, a threat response engineer at Trend Micro, said in a blog post that researchers spotted hosted malicious HTML that exploits the vulnerability and executes a trojan that includes rootkit functionality.
The flaw, a MIDI (musical instrument digital interface) remote code execution vulnerability (CVE-2012-0003), was patched by Microsoft in this month’s Patch Tuesday release. The vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, but not Windows 7 or Windows Server 2008 R2.
The attack is not widespread at the moment, but it is possible that other attackers will start exploiting the same vulnerability in the near future. Dela Paz recommended that users update their systems using the Microsoft patch.
"We'd like to reiterate that this is a publicly disclosed exploit. As such, we can expect similar attacks in the future", the Trend Micro researcher wrote.