From True North Networks
WARNING – There is currently an aggressive attack campaign underway against a previously undisclosed vulnerability in Microsoft Word, which can be used to quietly install different kinds of malware — even on fully-patched computers. The bug can be exploited on all versions of Microsoft Office, including the latest Office 2016 version running on Windows 10.
The vulnerability cannot bypass Office Protected View, which should be turned on by default. You can verify those settings using the following steps:
Step 1: Start Word, click File and then choose Options
Step 2: Click Trust Center and then Trust Center Settings
Step 3: Click Protected View; all three of the options listed there should be checked
Step 4: Click OK and you’re done!
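The same check can be scripted for the signed-in user. This is an added example, not part of the original advisory. The registry locations and value names are assumptions not stated in the advisory: they are the ones the Office policy templates use, where a missing value or 0 leaves the option checked and 1 turns it off.

```powershell
# Added example: report the three Protected View options for Word (current user).
# Assumption: value names are those used by the Office policy templates;
# missing or 0 = option still checked, 1 = option turned off.
$versions = '14.0', '15.0', '16.0'   # Office 2010, 2013, 2016 and later
$settings = [ordered]@{
    DisableInternetFilesInPV   = 'Files originating from the Internet'
    DisableUnsafeLocationsInPV = 'Files located in potentially unsafe locations'
    DisableAttachementsInPV    = 'Outlook attachments'   # spelling as stored by Office
}
# Policy hive is listed first because it overrides the user's own choice.
$roots = 'HKCU:\Software\Policies\Microsoft\Office', 'HKCU:\Software\Microsoft\Office'

function Get-WordProtectedViewStatus {
    foreach ($version in $versions) {
        # Skip Office versions that have no Word settings for this user.
        if (-not (Test-Path "HKCU:\Software\Microsoft\Office\$version\Word")) { continue }
        foreach ($name in $settings.Keys) {
            $value = $null; $source = 'default'
            foreach ($root in $roots) {
                $key  = "$root\$version\Word\Security\ProtectedView"
                $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                if ($null -ne $item) { $value = $item.$name; $source = $root; break }
            }
            [pscustomobject]@{
                OfficeVersion = $version
                Option        = $settings[$name]
                Enabled       = ($value -ne 1)
                Source        = $source
            }
        }
    }
}

$report = @(Get-WordProtectedViewStatus)
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Enabled }) {
    Write-Warning 'At least one Protected View option is turned off for Word.'
}
```

Every row should show Enabled as True; a row reporting False corresponds to an unchecked box in Step 3.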
Unlike most document-related vulnerabilities, this zero-day bug doesn’t rely on macros (built-in code that executes pre-scripted command actions), for which Office typically warns users of the risks when opening macro-enabled files. There is currently no patch for this bug, but Microsoft is expected to release a fix with its next round of security updates. Once released, you will receive the patch within your regularly scheduled patch window. In the meantime, be extra cautious when opening Microsoft Word attachments.