Users of Microsoft's Office software for Windows PCs have suffered from attacks since last week through a zero-day leak, and local newspaper in China reported on Tuesday one million Chinese suffered from the attack since June 6.
According to the Chinanews.com, one million users of Microsoft's Office software for Windows PCs have suffered from attacks through a zero-day leak since last week.
China's security researcher Kingsoft Ltd said on Tuesday it had found three security hole of office 0 day, OWC 10 and OWC11 and ActiveX security whole, which brought great loss to office users in China.
July turns out to be the most threatening month as the security holes broke out, Chinanews.com reported.
The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.
Despite today's fixes, Windows users continue to be under attack, said Dave Marcus, McAfee Inc's Avert Labs director of security research. He added that Microsoft is taking two steps forward, while attackers are putting it one step back.
As Microsoft Windows runs more than 90% of the world's PCs and Office has some 500 million users, cybercriminals target Microsoft to go after the largest number of potential victims with one set of code.
Hackers take advantage of the Office vulnerability by booby-trapping websites with malicious code that loads onto computers running Office software. Infected PCs are commandeered into a botnet, a network of hijacked computers. They are used for identity theft, spamming and other cybercrimes.
Users can prevent attacks by disabling functions within the Office software that allow it to work over the Web. Microsoft has posted a tool for doing that on its website -- http://support.microsoft.com/kb/973472
Office XP, 2003 and 2007 are vulnerable to the attacks.