Windows 10 users have been put on alert about a Microsoft software vulnerability which hackers are using to infect PCs with malware and then take control of it.

The recently disclosed Microsoft Office vulnerability lets cybercriminals exploit a backdoor and deliver malware that can take control of PCs.

The CVE-2017-11882 vulnerability, which affects WordPad also, has existed for a staggering 17 years, according to cybersecurity website Security Week.

And recently hackers have been trying to exploit this to deploy the potent Cobalt malware through spam e-mails.

The e-mail contains an RTF document, and once opened users are greeted with a blank document alongside the message Enable Editing.

However, this message is only trying to cover what’s going in the background - as the malicious code gets downloaded and installed so the PC is hijacked.

The flaw has been categorised as security vulnerability CVE-2017-11882 and was fixed thanks to the updates provided on Microsoft’s November Patch Tuesday.

However, in the system requirements for all the patches available, it only mentions Windows operating systems as being supported.

Operating systems supported by the patches include Windows 10, Windows Vista, Windows 8, Windows 8.1 and Windows 7.

Outlining how the vulnerability works in a post, the Microsoft Security TechCenter said: “A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. 

“An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 

“If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

They added: “Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. 

“In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. 

“In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. 

“An attacker would have no way to force users to visit the website. 

“Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.”

The news comes after Windows fans were warned about the risks of not updating to the latest version of Microsoft’s flagship OS.

While Windows 10 is the most recent version of the Microsoft OS, it is not the most popular version for PC fans.

According to NetMarketShare, Windows 7 is used by more PC owners than Windows 10 - with the eight year-old OS having a market leading 46.63 per cent share.

This is compared to the second most popular PC OS, Windows 10, which has a 29.26 per cent chunk of the operating system market.

While Windows 8.1 and Windows XP have an operating system market share of 5.97 per cent and 6.47 per cent respectively.

However, for the huge amount of PC owners using an earlier version of Windows, they’ve been given a stark warning as to why they need to upgrade to Windows 10 as soon as possible.

The Register reported Microsoft has been patching out security bugs in Windows 10 but NOT immediately rolling those out to Windows 7 and 8 users.

This lag in updates leaves potentially hundreds of millions computers at risk of an attack.

The exploits that hackers and malware are taking advantage of is being fixed in the big Windows 10 releases.

However, this is only slowly filtering back to Windows 7 and 8 in the form of monthly software updates.

The news was revealed by researchers on Google’s Project Zero team.

Google Project Zero researcher Mateusz Jurczyk said: "Microsoft is known for introducing a number of structural security improvements and sometimes even ordinary bug fixes only to the most recent Windows platform.

"This creates a false sense of security for users of the older systems, and leaves them vulnerable to software flaws which can be detected merely by spotting subtle changes in the corresponding code in different versions of Windows."