Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programing flaw that the software giant has yet to repair.
The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.
Despite today's fixes, Windows users continue to be under attack. Microsoft is taking two steps forward, while attackers are putting it one step back, said Dave Marcus, McAfee Inc's Avert Labs director of security research.
Hackers booby-trap websites with malicious code that loads onto computers running the vulnerable Office software. Infected PCs are commandeered into a botnet, a network of hijacked computers. They are used for identity theft, spamming and other cybercrimes.
Microsoft did not say how many machines were attacked. It estimates that some 500 million people use its Office suite, which includes Word, Excel and PowerPoint software.
The software maker said in a security bulletin that it has developed a temporary workaround for the problem, which users must manually install on PCs to protect them from attack.
A company spokeswoman said that program would soon be available through Microsoft's website. Office XP, 2003 and 2007 are vulnerable to the attacks.
(Reporting by Jim Finkle; editing by Carol Bishopric)