The critical Microsoft Windows and Office vulnerability that came to light two days ago is being more widely exploited than previously reported, making it more urgent that end users install a temporary fix right away.

Early research into the zero-day exploit detected only highly targeted attacks on individuals or companies that were mostly located in the Middle East and South Asia. More often than not, the word "targeted" is used to describe espionage campaigns aimed at a particular company or industry. Now, researchers at two security firms have uncovered evidence that the same critical flaw—found in Windows Vista, Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync—is also being targeted in wider-ranging hacking campaigns carried out by multiple gangs, including one made up of financially motivated criminals.

The more recently discovered attacks are being carried out by the same India-based group behind Operation Hangover, a malware campaign first detected earlier this year, researchers from security firm FireEye wrote in a recent blog post. The researchers went on to say that the same attacks—which exploit weaknesses in the way Microsoft code processes TIFF images—are being waged by yet another group, alternately dubbed Arx and Ark, to deliver the Citadel trojan. Citadel is a highly malicious piece of malware that's mostly used by criminals to access and liquidate online bank accounts.

Similar to the methods Microsoft described on Tuesday, the Arx group attached booby-trapped Word documents to e-mails that carried subjects related to online money transfers. When targeted individuals opened the document on vulnerable computers, the machines were infected with Citadel.

"The use of this zero-day exploit (CVE-2013-3906) is more widespread tha(n) previously believed," FireEye researchers wrote. "Two different groups are using this exploit: Hangover and Ark. Hangover has been previously connected with a targeted malware campaign, and the Ark group is operating a Citadel-based botnet for organized crime."

Symantec has published its own post citing evidence that the TIFF vulnerability is being exploited by the group behind Operation Hangover. It's the first time the group has been observed using a zero-day attack. Symantec provides answers to frequently asked questions here.

It's not uncommon for initial reports of an ongoing zero-day attack to understate its magnitude. Such understatements are largely unavoidable, since researchers are working with incomplete information that only increases in the days following the initial disclosure. That's why it's always a good idea to take reports like these seriously by following any available mitigation advice, even if users think that the likelihood they are vulnerable is low.

Microsoft has issued a temporary fix here that takes only a minute or two to install. Readers with vulnerable machines are strongly advised to run the Fixit if they haven't already.