There were many published attacks on Microsoft Windows in the last two decades. Research online to find any one attack published after 2000 and explain it in detail. The example should not duplicate the ones given in the book.
Back in October of 2014 there was a ‘zero-day’ vulnerability present in Windows that specifically targeted Microsoft Office files—mostly PowerPoint at the time (Leopando, 2014). Attackers would send a file to the end user that would allow a malicious code to run as an administrator on the infected host machine. Users would be completely unaware what was happening because the User Access Control popups that would normally alert the user to something going on could be disabled, thus, allowing the attacker to take control of the device and manipulate files and information at will.
According to Leopando (2014), Microsoft discovered that this vulnerability was in fact identical to the previous Sandworm vulnerability which had been patched a week prior to the new incidents. The patch Microsoft had issued for that risk had obviously not completely resolved the matter and allowed attackers to find new means of exploiting the flaw.
At the time, users were only cautioned not to open Office files that had been sent to them—especially if they weren’t sure who sent them. Microsoft issued a workaround that involved changing the settings for users that had the Enhanced Mitigation Experience Toolkit (EMET) utility, but it seemed that average end users were out of luck until Microsoft could issue a more permanent solution (Leopando, 2014).
Leopando, J. (2014). Microsoft Windows Hit By New Zero-Day Attack. Trend Micro. Retrieved from http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-windows-hit-by-new-zero-day-attack/