There was a time when Word documents were the main vector of infections on PCs, due to the ease of creating Macro viruses and the power of the macro language Microsoft used.
That’s about to change, however, as a new Word-based virus is doing the rounds, with no patch currently available.
Security researchers FireEye has revealed a new vulnerability in Word based on Windows Object Linking and Embedding (OLE), and which is currently doing the rounds in the wild.
The virus arrives by email, which when opened activates exploit code in the document which connects to an attacker-controlled server and then downloads a malicious HTML application file that’s disguised to look like a document created in Microsoft’s Rich Text Format. Once running the .hta file downloads additional payloads from different well-known malware families and then pops up a real word document to hide its activities.
The attack works on fully patched PCs and the only mitigation is not to download or open suspicious word files or only view them in Protected View, which does, in fact, protect users on this occasion. Disabling Macros does not offer any protection.
The new malware was discovered some weeks ago and FireEye has notified Microsoft of its existence, but a patch is not ready to be released yet.
Read more about the issue at FireEye here.