An error in Microsoft Word let hackers have access to files for month before the tech giant eventually fixed the problem.
According to a Reuters report, security researcher Ryan Hanson spotted the bug in July 2016. Microsoft was told about it in October and the issue was finally patched earlier in April, a full six months after it was first notified.
Microsoft could not be reached for comment for this story.
While Microsoft was investigating the flaw, hackers were able to manipulate the software on unknown Russian speakers, taking control of their computers.
Hanson consults for the cyber security firm Optiv, was the first to find the bug, but others found it as well. Security researchers at FireEye in March found a piece of financial hacking software known as Latenbot used the same Microsoft bug. McAfee also noted the bug's existence.