Hackers are now exploiting the zero-day Windows vulnerability that a Google engineer took public last week, Microsoft inveterate nowadays.

Though Microsoft did not share details of the assault, other researchers filled in the blanks.

A cooperation Web site is portion a use of the bug in Windows' Help and Support Center to hijack PCs running Windows XP, said Graham Cluley, a senior technology advisor at antivirus vendor Sophos.

Cluley refuse to recognize the site, saying only that it was devoted to open-source software.

"It's a typical drive-by assault," said Cluley, referring to an assault that contaminates a computer when its client just visits a hateful or compromised site.

The method was one of two that Microsoft said last week was the likely attack avenues. The other: persuasive client to open hateful e-mail messages.

As per Microsoft, the use has while been scrubbed from the hacked Web site, but it wait for more to outside. "We do expect potential utilization given the public revelation of full details of the issue," said Jerry Bryant. Microsoft’s group manager of reply communications.

The susceptibility was reveal last Thursday by Tavis Ormandy, a security engineer who works for Google.

Ormandy, who also posted proof-of-idea assault code, protected his decision to expose the fault merely five days after reporting it to Microsoft a shift that Microsoft and other researchers query.