Apparently harmless, Microsoft Word creates some problems for users, as a serious vulnerability allows a hacker to install malware on computers.
A zero day attack installs malware on updated systems, using a vulnerability that is presented in almost all Microsoft Word versions. The attack begins from an email that includes an infected Word document. After the document is opened, the hidden code connects to a server controlled by the attack. Then it downloads a HTML app that is disguised as a Microsoft Rich Text document and that documents also downloads and installs other malware applications.
The attack is notable from many points of view. Firstly, it manages to function on computers that are updated, even on computers running Windows 10, an operating system considered the most secure operating system ever crated by Microsoft. Also, unlike other malware attacks using Word documents, this one does not require the activation of macro features. Thirdly, before the attack ends, the malware opens a dummy Word document to hide the fact that an attack happened.
Microsoft said that the fix will arrive today. FireEye discovered the vulnerability and promptly contacted Microsoft and the company has not revealed details about this vulnerability and will not do so until Microsoft releases a security patch. McAffee however decided to come forward with details about the attack and the company says that this vulnerability has been around ever since January.
Zero day attacks usually target specific targets such as individuals working for Government agencies or companies that might be attractive for hackers. However such attacks also targeted regular people in the past.
To stay away from such problems you should be skeptical about every Word document that arrives in your Inbox even if you know who the sender is. Other attacks are based on automatically sending emails after person is infected so even your contacts list is in jeopardy.