Malware creators have already started testing a proof-of-concept exploit targeting a new Microsoft Windows Installer zero-day publicly disclosed by security researcher Abdelhamid Naceri over the weekend.
“Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability,” said Jaeson Schultz, Technical Leader for Cisco’s Talos Security Intelligence & Research Group.
However, as Cisco Talos’ Head of Outreach Nick Biasini told BleepingComputer, these exploitation attempts are part of low-volume attacks likely focused on testing and tweaking exploits for full-blown campaigns.
“During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit,” Biasini told BleepingComputer.
Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponize a publicly available exploit.