All Microsoft users need to be aware of a new threat that has been targeting fully-patched systems using a zero-day attack. This attack installs malware through an Office vulnerability. Until a patch to solve this issue has been released, we strongly recommended that you instruct your staff not to open or send Word documents via email.
In the short-term, Microsoft Office has a ‘Protected View’ setting that should be enabled by default. Take a moment to check that this feature is activated, and if you open a Word document and see a pop-up, it’s a strong indication that your system has been compromised. More than just being wary of Word documents sent to you by email, there are several other precautions we recommend you take:
While as of right now there is no patch available to correct this vulnerability, Microsoft has stated that they are working on the issue. A fix is expected over the next day or so with the next batch of updates. In the meantime, use caution when opening email attachments, and avoid opening Word files sent to you if at all possible. Keep an eye out for communications from Microsoft, and be sure to install any updates the moment they’re made available to you.
If you have questions about this zero-day attack or want to learn more about how you can protect your business from these types of threats, get in touch with CITOC at firstname.lastname@example.org or (713) 490-5000. We’re the IT professionals businesses in Houston trust.