Windows PCs that are not quickly updated when Microsoft issues new patches are under growing threat as criminals try to exploit the window of opportunity to seize remote control of computers.

On 9 August, Microsoft issued its MS06-040 security update for a critical flaw, along with many other patches. Since then, researchers at security vendor Sophos have discovered tools in the wild that could exploit the vulnerability.

The Cuebot-L or Cuebot-M worms can infect unpatched PCs. Once installed, they turn off the Windows firewall and open up a backdoor. This backdoor then provides access to remote hackers, letting them access and take control of the computer

Many users are still slow to apply patches In a statement, Graham Cluley, senior technology consultant for Sophos said, “Microsoft only issued a patch against the security hole used by these worms in the last few days, and yet already malware is being written that exploit this vulnerability to attack computer systems. This is a real headache for Microsoft as it tries to reassure people that their operating system is becoming more secure. There will be many Windows computers that will not have been patched yet and may be vulnerable to infection and compromise.”

Users can visit this part of the Microsoft web site to check their machine for vulnerabilities and infections.