All Microsoft users need to be aware of a new threat that has been targeting fully-patched systems using a zero-day attack. This attack installs malware through an Office vulnerability. Until a patch to solve this issue has been released, we strongly recommended that you instruct your staff not to open or send Word documents via email.
In the short-term, Microsoft Office has a ‘Protected View’ setting that should be enabled by default. Take a moment to check that this feature is activated, and if you open a Word document and see a pop-up, it’s a strong indication that your system has been compromised. More than just being wary of Word documents sent to you by email, there are several other precautions we recommend you take:
- Make sure your team is aware of this threat and the risk level it presents
- Use an alternative method to share documents
- Use your email filtering solution to temporarily block Word documents
- If your systems are managed through an Active Directory, temporarily disable the Group Policy Object (GPO) that allows users to edit flagged files
- Enable the GPO that uses ‘File Block’ to temporarily block .rtf files completely, not even allowing them to open in ‘Protected View’
While as of right now there is no patch available to correct this vulnerability, Microsoft has stated that they are working on the issue. A fix is expected over the next day or so with the next batch of updates. In the meantime, use caution when opening email attachments, and avoid opening Word files sent to you if at all possible. Keep an eye out for communications from Microsoft, and be sure to install any updates the moment they’re made available to you.
If you have questions about this zero-day attack or want to learn more about how you can protect your business from these types of threats, get in touch with Colorado Computer Support at firstname.lastname@example.org or 719.439.0599. We’re the IT professionals businesses in Colorado Springs trust.