Security researchers have uncovered an unpatched vulnerability in Windows that has been exploited by attackers in an unusual "watering hole" campaign launched from a U.S.-based website that specializes in domestic and international security policy.
Monday afternoon, Microsoft confirmed that it will patch the flaw tomorrow as part of its regularly-scheduled monthly security updates. According to Microsoft, the bug is in all supported client editions of Windows, ranging from the 12-year-old Windows XP to the just-released Windows 8.1.
