Security Alert: New Microsoft Office Zero-Day Attack

There is news of a previously undisclosed vulnerability in Microsoft Word that can be used to quietly install different kinds of malware, even on fully-patched computers. This zero-day bug has yet to be patched and reportedly doesn’t rely on macros – Office typically warns users of risks when opening macro-enabled files.

The vulnerability can be used to install malware onto fully patched systems running Microsoft’s operating system via an Office vulnerability. Microsoft indicates they will have a fix shortly.

As a result, we strongly recommend refraining from opening any Word documents you may receive via email.

According to reports, Microsoft Office’s “Protected View” feature will block this attack.  Protected View is enabled by default; however, you should double check your settings to make sure that this feature is turned on.

To check your protected view settings;

  • Click the File tab in the upper left corner.
  • Select Options.
  • Select Trust Center in the left pane.
  • Click Trust Center Settings.
  • Select Protected View.
  • Be sure all  three options under Protected View are checked and Click OK

In addition to enabling these settings, please help spread the word to your users to avoid opening Word documents view email.

See also: What your staff needs to know about Phishing