A bug in Microsoft Word was exploited by hackers for months before it was eventually fixed, according to security researchers.
The flaw allowed attackers to take control of a computer via malicious document files.
The zero-day, or previously undetected, vulnerability was patched earlier this month.
Microsoft could have notified customers to make a change to settings in Word that would have prevented the vulnerability from being exploited – but that would also have alerted hackers to its existence.
The decision to wait for a patch seems to have allowed a window of opportunity for hackers to discover the flaw on their own.