Experts say zero-day exploits exist for vulnerabilities addressed in MS09-009, MS09-010 and MS09-012. Only the MS09-012 patch is not rated as critical. All three patches contain the fixes to thwart the exploits.
Patches MS09-013 and MS09-014, both rated critical, address three vulnerabilities for which exploit tools are publicly available. Both protect against a credential reflection attack that has been a lingering problem.
And attack details are available for vulnerabilities fixed by MS09-015, which is rated moderate and affects Windows and Windows Server versions.
"That window where you had the luxury of not patching, that is shrinking fast," says Wolfgang Kandek, CTO of Qualys. "Here the window is zero for some of these vulnerabilities, and where the exploit code is public it will not take hackers long to get code out there."
Kandek says Qualys is seeing people getting more "professional" with their attacks. "It is not the hobbyists anymore, there are some real research teams spending resources on this, analyzing code and putting out exploits."