Microsoft Office Zero-Day Exploited Days After Emergency Patch, Update ASAP

Microsoft Office is victim to a critical zero-day exploit, and Russian hacker groups are already weaponizing it in destabilizing efforts toward the Ukrainian government. While Westerners and most other readers likely have less to worry about, it's still prudent to apply the latest security updates on Microsoft Office versions 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365. The exploit works by opening a malicious document, which triggers the termination and restart of explorer.exe and COM hijacking, which allows the "EhStoreshell.dll" file extension to load. This extension runs shellcode from a malicious image file, which leads to the COVENANT malware software being launched and installed. Besides Ukraine, some EU-based organizations are also being targeted. A similar malware loader was used in APT28's Signal attacks against Ukraine in June 2025.

In any case, it's remarkable to see how dangerous even an already-patched exploit ...