Email-based attacks exploit unpatched vulnerability in Microsoft Word
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.
The first report about the attacks came Friday from antivirus vendor McAfee after the company’s researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects “all Microsoft Office versions, including the latest Office 2016 running on Windows 10.”
The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.