There is news this week of a previously undisclosed vulnerability in Microsoft Word, which can be used to quietly install different kinds of malware — even on fully-patched computers.
This zero-day bug that has yet to be patched and reportedly doesn’t rely on macros which Office typically warns users of risks when opening macro-enabled files.
The vulnerability can be used to install malware onto fully patched systems running Microsoft’s operating system via an Office vulnerability, one that Microsoft indicates will have a fix shortly.
As a result we strongly recommend refraining from opening any Word documents you may receive via email.
According to reports, Microsoft Office’s “Protected View” feature will block this attack. Protected View is enabled by default; however, you should double check your settings to make sure that this feature is turned on.
To check your protected view settings;
- Click the File tab in the upper left corner.
- Select Options.
- Select Trust Center in the left pane.
- Click Trust Center Settings.
- Select Protected View.
- Be sure all three options under Protected View are checked and Click OK
In addition to enabling these settings, please help spread the word to your users to avoid opening Word documents view email.