Attackers have been actively exploiting a zero-day vulnerability in Microsoft Word to infect computers with malware. The first reports about the attacks came Friday from antivirus vendor McAfee after their researchers discovered some suspicious Word files spotted earlier. They found that the files were exploiting a vulnerability that affects “all Microsoft Office versions, including the latest Office 2016 running on Windows 10.”
The flaw allows exploitation of code that executes anything downloaded from the Internet. Attackers are downloading and installing malware, viruses, and other threats to take over your computer. “The successful exploit closes the ‘bait’ Word document, and pops up a fake one to show the victim,” the McAfee researchers said. “In the background, the malware has already been stealthily installed on the victim’s system.”
After additional reports it was confirmed that Microsoft had been previously notified of the exploit and had been preparing a patch. Microsoft released that patch this past Tuesday and we are actively pushing it to IT Shared Services workstations. For unmanaged and/or home computers make sure to visit Windows Update to get the latest updates.
This isn’t the first time something like this has been discovered and, thus, underscores the importance of being hesitant about opening attachments from unknown sources. Additionally, new features in Microsoft Word 2016, if enabled, can block attacks of this type. This feature is called ‘Office Protected View’ and is enabled from Word’s File -> Options -> Trust Center. Scroll to Protected View and make sure the options you want are enabled (checked).
Office Protected View will allow you to view a document but prevents it from launching macros – thereby preventing it from injecting malware into your system. By default files downloaded from the Internet open in Protected View, as do files still in your browser cache, and attachments opened in Outlook. However, a user can sometimes unknowingly turn off this feature (Word will notify the user when something is blocked and allow the user to turn off the feature).