Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The high-severity defect affects a widely used — but largely hidden — archive tool that spans many forks.

The tech giant addressed a record-high number of defects for the year in its latest update.

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently.

The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands.

The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack.

The actively exploited defect, triggered by an attacker’s use of a publicly available sample machine key, underscores the vendor and customers’ poor configuration practices.

The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime.

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…