In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organizations.
According to Microsoft, attacks exploiting the vulnerability have targeted companies via boobytrapped Microsoft Office documents.
In short, a typical timeline of infection might go something like this:
One of your users downloads or receives a boobytrapped Microsoft Office file. Perhaps they are socially-engineered into clicking on a malicious link, or find the poisoned file in their inbox.
The user opens the Microsoft Office file to view its contents, but it contains an embedded malicious automated commands.
The automated commands exploit the bug in Windows to gain the same level of permissions as the user, whereupon it installs malware of the hacker’s choice.
An attacker could craft a malicious code to be used by a Microsoft Office document. The attacker then convinces the user to open the malicious document.
This vulnerability is being actively exploited and Microsoft is recommending that “Office users be extremely cautious about Office files – DO NOT OPEN if you do not fully trust the source!”
Please exercise caution if you receive an office file (Word, Excel, PowerPoint, Publisher, etc.) from an unknown or unexpected source.