There is a new threat on the horizon for all Microsoft® Office users. A new zero-day attack that installs malware onto fully patched systems running Microsoft’s operating system via an Office vulnerability.
We recommend refraining from sending or opening any Word documents via email. Microsoft Office has a feature called “Protected View” that is enabled by default; however, you should double check your settings to make sure that this feature is turned on. If you do open a Word document and see this pop-up, it’s a pretty good indicator that something is wrong.
In addition to being highly suspicious of any Word document that arrives in an email, there are a few other things we’d recommend that you consider:
If you are managing your systems with Active Directory®, consider temporarily enabling the Group Policy Object (GPO) that disallows editing of flagged files. This means users will just have a read-only protected view for any documents that Microsoft recognizes as unsafe. Within Trust Center, enable the GPO that uses File Block to block .rtf files, not even allowing for them to be opened in “Protected View.”
Microsoft has released a fix. If you auto update your system or if you have an MSP handling your business then this patch should be installed.