Security researchers said they'd discredited Microsoft's claim that the year's first critical Windows vulnerability would be "difficult and unlikely" to be exploited by attackers. Immunity updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site.