A flawed Windows patch has created an opening for zero-click attacks, potentially allowing threat actors to exploit a vulnerability without requiring user interaction. The vulnerability was initially leveraged by APT28, a Russia-linked group, in attacks targeting Ukraine and European Union countries. The incomplete patch has significant implications, as it enables state-aligned actors to launch sophisticated attacks with ease. Specifically, the vulnerability can be exploited to gain unauthorized access to systems, compromising sensitive information and disrupting operations. That APT28 has already exploited this vulnerability (SecurityWeek, 2026) highlights the urgent need for a revised patch to mitigate the risk of further attacks. This development shifts the threat model from traditional criminal activity to geopolitically motivated activity, which calls for a distinct approach to cybersecurity. For practitioners, the vulnerability demands immediate attention and a proactive strategy to counter the heightened threat of state-sponsored attacks.
Incomplete Windows Patch Opens Door to Zero-Click Attacks
⚠️ Critical Alert
Why This Matters
State-aligned activity involving the EU shifts the threat model from criminal to geopolitical, which requires a different playbook.
References
- SecurityWeek. (2026, April 27). Incomplete Windows Patch Opens Door to Zero-Click Attacks. SecurityWeek. https://www.securityweek.com/incomplete-windows-patch-opens-door-to-zero-click-attacks/
Original Source
SecurityWeek