Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited.

U.S. authorities in August dismantled the botnet, also known as Qbot, and told reporters that it “ceased to operate” as a result of an antimalware campaign dubbed Operation Duck Hunt. Malware analysts within months observed a resurgence – a comeback that other operators of major Trojans have also managed following infrastructure takedowns (see: More Signs of a Qakbot Resurgence).