We are writing to inform all Microsoft® Office users of a new zero-day attack that installs malware onto fully patched systems running Microsoft’s operating system via an Office vulnerability. We recommend refraining from sending or opening any Word documents via email. Microsoft Office has a feature called “Protected View” that is enabled by default; however, you should double check your settings to make sure that this feature is turned on. In addition to being highly suspicious of any Word document that arrives in an email, we recommend that you warn your users and let them know of the heightened risk related to this attack right now, so they’ll be better prepared if they receive an email with one of these attachments.
If you are an email customer of ours, we are working to block these malicious attachments before they arrive in your inbox, or until that time Microsoft releases a patch. Until that time, we urge caution.