A bug that Microsoft patched in a security release nearly two weeks ago is actively being exploited by a worm, said security researchers.
F-Secure said that the just-released worm is based on the exploit code that had been posted online last week. nCircle's Storms agreed that's likely.
Symantec rated the worm as a 'Very Low' threat, although it maintained its ThreatCon, an all-around indicator of internet security, at '2' because Microsoft issued an emergency patch.
"It doesn't appear to be very widespread, although that could change, of course," said Haley.
As counter-intuitive as it sounds, Storms said that the appearance of a worm is actually a good thing.
"Evidence that we're finding and detecting it means we're in a better situation than we were earlier," he argued.
"If it had gone undetected and unfound [it would have meant] that enterprises didn't have any defense-in-depth. But because we're finding it, that means we have signatures for it."
Storms urged users who had not installed the MS08-067 update to do so immediately.
"The worm may not have many legs, but you should get ahead of the game and deploy now," he said.