Security researchers discovered that threat actors conducted zero-day attacks targeting Windows users with malware for over a year before Microsoft addressed the vulnerability in Windows 10 and 11. The vulnerability exploited a flaw in Internet Explorer, an outdated browser that Microsoft retired in 2022 due to its susceptibility to exploits. Malicious code exploiting the vulnerability has been active since at least January 2023 and was still circulating in May of this year. The attack code utilized novel techniques to lure users into executing remote code, including disguising malicious files as PDFs and tricking users into opening dangerous .hta applications. Microsoft released a patch for the vulnerability, but users are advised to check cryptographic hashes provided by researchers to determine if they have been targeted. This incident highlights the ongoing threat posed by zero-day attacks and the importance of timely software updates to mitigate such risks.