What you need to know
This vulnerability is primarily triggered by opening malicious Microsoft Office documents and can give cybercriminals access to your network. Please note this does apply to documents opened in ‘Preview Mode’. Currently, documents from the internet are automatically opened in protected view, so as long as the end user does not allow editing, the attack will not automatically go off.
Cybercriminals may deceive victims into opening these documents via the following channels:
- Email attachments
- Social media links
- File downloads
- Other creative delivery methods
There has not yet been a patch released, however Microsoft has released a temporary fix to block the malware from running when a file is opened.
Huntress, a cybersecurity platform, has been monitoring the situation closely and testing the code to determine it’s risk, their statement reads:
Don’t panic over this. Yes, this vulnerability makes it easier for hackers to gain access to your network. However, malicious documents are a familiar attack strategy and vigilant users can turn the tide against these unpredictable threats