This results in the download of a malicious .hta file (HTML Application executable) on the victim's machine.
In 2015, it was cited as the means by which cyber-attackers stole more than £20m from British bank accounts. The user doesn't need to have macros enabled for any of the malicious scripts to be executed, allowing the exploit to be successful against any Word user.
The victim gets an email with a Microsoft Word or Excel document attached.
Be careful when opening that next Word document you receive; it might become a gateway for cybercriminals to hack into your computer and install malware.
According to the reports, over the weekend hackers have targeted a new bug that lets them remotely install malware on a customer's system. A Microsoft spokesman told the BBC: "We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically". The script downloads a malicious .hta file disguised as an innocuous RTF (rich text file).
In the meantime, consumers are being warned not to open any file attachments containing Word documents.
The bug can be exploited on all versions of Office, including the latest Office 2016 running on Windows 10. Besides enforcing Protected View, the attack can be blocked by setting the registry value "Software\Microsoft\Office\15.0\Word\Security\FileBlock\RtfFiles" to 2. While FireEye has reportedly been communicating with Microsoft for several weeks about the vulnerability, it was first disclosed publicly on Saturday by McAfee.
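One way to audit and apply the File Block value quoted above across a fleet, as an added example that is not from McAfee, FireEye or Microsoft. It assumes the path lives under the per-user hive (HKCU) and that the value is a DWORD; the article gives only the 15.0 path, so other version numbers must be supplied by the administrator.

```powershell
# Added example: report (and optionally set) the Word RTF File Block value.
# Assumptions: HKCU hive and DWORD type are not stated in the article.
param(
    [string[]]$OfficeVersions = @('15.0'),  # version taken from the article's path
    [switch]$Enforce                        # without this switch the script only audits
)

$wanted = 2  # value given in the article

$results = foreach ($v in $OfficeVersions) {
    $key = "HKCU:\Software\Microsoft\Office\$v\Word\Security\FileBlock"

    # A missing key or value yields $null, which is reported as non-compliant.
    $current = (Get-ItemProperty -Path $key -Name RtfFiles `
                    -ErrorAction SilentlyContinue).RtfFiles

    if ($Enforce -and $current -ne $wanted) {
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name RtfFiles -Value $wanted `
            -PropertyType DWord -Force | Out-Null
        # Read the value back so the report reflects what is on disk.
        $current = (Get-ItemProperty -Path $key -Name RtfFiles).RtfFiles
    }

    [pscustomobject]@{
        Version   = $v
        Key       = $key
        RtfFiles  = $current
        Compliant = ($current -eq $wanted)
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag hosts that still need the setting.
if ($results.Compliant -contains $false) { exit 1 }
```

Run it once without `-Enforce` in each user's context to see which profiles lack the setting before changing anything.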
For now, McAfee suggests users do not open Office files obtained from untrustworthy locations. The vulnerability was first observed in January and the firms continue to spot new attacks leveraging it.
"After recent public disclosure by another company, this blog serves to acknowledge FireEye's awareness and coverage of these attacks".
Within your email filtering solution, such as Intermedia Email Protection, consider temporarily putting a policy in place to block Word documents until Microsoft releases the patch.
The only way to protect yourself, according to McAfee and FireEye, is to configure Office to use Protected View.