Leaked exploit prompts researcher to publish blueprint for critical RDP vulnerability

16.03.2012

Microsoft confirmed that the published proof-of-concept code appears to match the one shared with its MAPP partners. "Microsoft is actively investigating the disclosure of shared Microsoft Active Protections Program (MAPP) vulnerability details and will take the necessary actions to protect customers," Yunsun Wee, director of Microsoft's Trustworthy Computing Group, said via email.

In light of the unusual leak, Auriemma decided to release his original PoC exploit along with details that pinpoint the vulnerability's exact location. The PoC is fairly basic, but an experienced exploit writer could modify it to achieve remote code execution, the researcher said.

"The release of a PoC does not necessarily make it easy to exploit the vulnerability, but it does provide a solid starting point," Secunia's Eiram said. "Having access to the patches already makes it possible to deduce the vulnerability details via bindiffing (i.e. comparing the patched binaries to unpatched binaries), but concluding how to trigger the vulnerability is not always so straightforward. Having a PoC available, obviously, makes this very clear."

System administrators who haven't installed the patch for CVE-2012-0002 are strongly advised to do so, or at least to deploy one of the workarounds described by Microsoft in its security bulletin.