Quick Links

No, that headline isn't a joke. Unfortunately, there's a significant vulnerability that's actively being exploited in the wild through Internet Explorer and Office, and Microsoft has released a patch to fix it. You need to update your PC to protect it as soon as possible.

Update to Fix This Zero-Day Exploit

We first reported on this issue last week, and now Microsoft has solved the zero-day exploit with a new Windows update.

Related: Remembering ActiveX Controls, the Web's Biggest Mistake

The exploit used Office files containing malicious ActiveX controls that could grant a threat actor access by simply downloading a file. When the file is opened, it automatically launches a page on Internet Explorer that contains an ActiveX control. It then downloads malware onto the victim's computer, which can be used for all sorts of things.

Related: Should You Install Windows 10's Optional Driver Updates?

When the issue was first reported, we could only offer to be careful what you download. However, we can recommend updating your Windows PC to the latest version to fix this exploit.

As part of Microsoft's Patch Tuesday, the company fixed a total of 66 security flaws, which is always welcomed. The first significant issue is mentioned above, but it also fixes two remote code execution vulnerabilities, the WLAN AutoConfig Service and Open Management Infrastructure.

Don't Wait to Update!

If you're using Windows, you need to download these updates to fix the critical security holes. Of course, you should still be careful when downloading files from unknown sources, but at least with this patch, you can rest easy knowing a gaping hole in your PC's security has been closed.

Related: What Is Patch Tuesday for Windows, and When Is It?