The SANS Institutes Internet Storm Center set its Internet danger warning level to “yellow” over the weekend. Two separate criminal groups began hacking into websites and message boards and rigging them to deploy code from remote servers that exploits the bug. The root of the problem is with an integer overflow in a core Windows component called COMCTL32.DLL, which is used by many programs. Security company Determina issued a patch that fixes the problem, which has been endorsed by Zeroday Emergency Response Team.”]
Source: https://www.csoonline.com/article/2121385/microsoft-windows-bug-exploited.html