Source: BBC News
A bug in Microsoft Word was exploited by hackers for months before it was eventually fixed, according to security researchers.
The flaw allowed attackers to take control of a computer via malicious document files.
The zero-day, or previously undetected, vulnerability was patched earlier this month.
However, it has since emerged that Microsoft was told about it in October, nearly six months ago.
A report from the Reuters news agency notes that security researcher Ryan Hanson at Optiv first discovered the problem in July 2016.
Microsoft could have notified customers to make a change to settings in Word that would have prevented the vulnerability from being exploited – but that would also have alerted hackers to its existence.
The decision to wait for a patch seems to have allowed a window of opportunity for hackers to discover the flaw on their own.
In March, cyber-security company FireEye noticed financial hacking software…
Click here to read more