We are writing to inform you of a significant zero-day exploit targeting Microsoft Word that allows an attacker to install malicious software on your computer. This affects all versions of Word, including fully patched Office 365 and Office 2016.
If you receive a Microsoft Word attachment in an email, we strongly recommend that you do not open it until Microsoft releases a patch. If you are a ShareSync user, we recommend using that platform to share files as it can mitigate the risk.
While there is no patch currently available, Microsoft is working on a fix that should be released tomorrow (4/11/17). Word has a safeguard system in place called Protected View that is able to prevent this vulnerability from being exploited.
To see if you have Protected View enabled, in Microsoft Word:
- Click File > Options.
- Click Trust Center > Trust Center Settings > Protected View.
- Check everything (at least for now)