Microsoft has just rolled out an update fixing 66 security vulnerabilities as part of this month’s Patch Tuesday. One of them addresses a critical zero-day vulnerability that’s being actively exploited by hackers using Office files containing malicious ActiveX controls. A few days ago, Microsoft issued a warning about the flaw after being notified by security researchers who discovered that bad actors are exploiting it by tricking potential victims into opening malicious Office files. Upon being opened, the file automatically launches a page on Internet Explorer, which contains an ActiveX control that downloads malware onto the victim’s computer.
When Microsoft published the warning, it didn’t have a fix yet and
→ Continue reading at Engadget