As per the news from Forbes - Microsoft confirmed that an unpatched 'zero-day' vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted.

Microsoft was first informed of this vulnerability by Google's Project Zero team, a dedicated unit comprised of leading vulnerability hunters, which tracks down these zero-day security bugs. Because Project Zero had identified that the security problem was being actively exploited by attackers, it gave Microsoft a deadline of just seven days to fix it before disclosure. Microsoft failed to issue a security patch within that hugely restrictive timeframe, as Google went ahead and published details of the zero-day vulnerability.

The bug itself sits within the Windows Kernel Cryptography Driver, known as cng.sys, and could allow an attacker to escalate the privileges they have when accessing a Windows machine. Simply put, it's a memory buffer-overflow problem that could give an attacker admin-level control of the targeted Windows computer.

While Microsoft has confirmed that the reported attack is real, it also suggests that it is limited in scope being targeted in nature. This is not yet becoming a widespread exploit. Microsoft says that it has no evidence of any indication of widespread exploits.