Attacks with New Microsoft Office Vulnerability
There's a zero-day Microsoft office vulnerability out in the wild, which infects fully patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word. Using Protected View in word prevents the execution of the malicious code:
FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office documents exploiting the vulnerability that download and execute malware payloads from different well-known malware families.
FireEye shared the details of the vulnerability with Microsoft and has been coordinating for several weeks public disclosure timed with the release of a patch by Microsoft to address the vulnerability. After recent public disclosure by another company, this blog serves to acknowledge FireEye’s awareness and coverage of these attacks.