Microsoft warns users about a malicious program that can be used to attack unpatched Windows systems:
The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, which Windows uses to create network connections over the telephone. Microsoft rates the bug, which was patched on June 13, as critical, the most severe rating available.
Hackers published the code on Web sites late last week, and it is now included in Metasploit, a hacking toolkit that both security researchers and criminals use.
The malicious software is less dangerous than it might have been. Most firewalls will block it, and it requires that the hacker be authenticated on the computer before it will work.