As hacker groups working continue to hammer a former Windows zero-day that makes it unusually easy to execute malicious code on target computers, Microsoft is keeping a low profile, refusing even to say if it has plans to patch.
Late last week, security firm Proofpoint said that hackers with ties to known nation-state groups were exploiting the remote code execution vulnerability, dubbed Follina. Proofpoint said the attacks were delivered in malicious spam messages sent to fewer than 10 Proofpoint customers in European and local US governments.
Microsoft products are a “target-rich opportunity”
In an email on Monday, the security company added further color, writing: