Microsoft researchers found a group of vulnerabilities dubbed Nimbuspwn in a Linux service named networkd-dispatcher that can lead to root privileges.
Microsoft has confirmed that the Lapsus$ group gained "limited" access after the group leaked Bing, Bing Maps and Cortana source code.
Microsoft is blocking macros by default for Office, which it hopes will make abuse by cybercriminals more difficult.
Apple fixed the macOS vulnerability in a December security update.
Attackers were attempting to exploit the flaw to distribute the Emotet, Trickbot and Bazaloader malware.