Microsoft confirms ‘live attacks’ by hackers targeting Windows Shell, Office users

Microsoft has issued urgent security updates for multiple vulnerabilities in Windows and Office that the company says are already being exploited in real-world attacks. The flaws, classified as zero-days, were abused by hackers before patches were available, raising the risk level for millions of users worldwide.

The exploits are described as “one-click” attacks. In practical terms, this means a victim can be compromised simply by clicking a malicious link or opening a specially crafted Office file. With minimal user interaction, attackers can plant malware, bypass security protections, and gain control of a target system.

One of the most serious flaws, tracked as CVE-2026-21510, affects the Windows shell—the component responsible for much of the operating system’s user interface. Microsoft said the vulnerability allows attackers to bypass the built-in SmartScreen protection, which is designed to warn users about malicious links and files. Once bypassed, malware can be silently executed on the victim’s machine.

Security expert Dustin Childs noted that while the attack still requires a user to click a link or shortcut file, the ability to achieve remote code execution with a single click is unusual and dangerous. Google’s Threat Intelligence Group, which helped uncover the flaw, confirmed the bug was under “widespread, active exploitation,” warning that successful attacks could lead to ransomware deployment or deeper system compromise.

A second Windows vulnerability, CVE-2026-21513, was found in MSHTML, Microsoft’s legacy browser engine originally tied to Internet Explorer. Although Internet Explorer has been discontinued, the engine remains embedded in modern versions of Windows for compatibility with older applications. This flaw also allows attackers to bypass security safeguards and install malware.

Microsoft acknowledged that technical details about how to exploit the bugs have already been published, increasing the likelihood of further attacks. The company did not specify where the exploit information appeared, but public disclosure of this kind often accelerates malicious activity before users apply patches.

According to independent security reporter Brian Krebs, Microsoft also fixed three additional zero-day vulnerabilities that were being actively exploited. The company is urging Windows and Office users to install the latest updates immediately to close the security gaps and reduce the risk of compromise.

The post Microsoft confirms ‘live attacks’ by hackers targeting Windows Shell, Office users appeared first on Latest Nigeria News | Top Stories from Ripples Nigeria.
