New 0day Attack Exploits Microsoft Word Flaw

A new zero-day attack is exploiting a flaw in Microsoft Word and infecting fully patched devices with malware.

This method of infection was announced by FireEye, a security firm that published a blog post about it this Saturday. The attack starts with an email that arrives with an infected Word document attached. Once the document is opened, exploit code inside it connects to a server controlled by the attacker. Next, a malicious HTML application is downloaded, disguised to look like a file in Microsoft's Rich Text Format. Under the surface, the malware downloads other malware and spreads the infection even further.

This is not a new kind of attack, but this method is different and important for several reasons. First, it can bypass almost all exploit mitigations, which is especially alarming because it allows the attack to work against pretty much any system, including Windows 10, Microsoft's most secure system so far. Next, unlike previous attacks that tried to exploit Word flaws, it does not require targets to enable macros. Finally, before the attack ends, a new Word document is opened in order to hide the fact that the attack just took place.

The attacks were first reported by the security firm McAfee around Friday night, which described them in a blog post.

FireEye has stated that it had been discussing the flaw with Microsoft for several weeks and had not published anything so that Microsoft would have time to work on a patch. After McAfee released details about the flaw, FireEye decided to publish its own blog post.

The earliest attack that McAfee's researchers have managed to discover dates back to January, and the security update is supposed to be released this Tuesday.

So far, zero-day attacks have mostly been used against individuals known to work for a government agency, contractor or similar organization that can be attractive to cyber criminals. However, once a vulnerability becomes public knowledge, attacks of this sort are known to start targeting larger masses.

The only advice that can be given in this type of situation is to be extra careful about documents that arrive by email, even if the sender is known to you. There is also an Office feature called Protected View, and the attacks were unable to work when the document was opened in this mode. Other ways of opening potentially infected documents have not been confirmed as safe.
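
As an added example (not code from FireEye, McAfee or this article), the following Python check triages files for the disguise described above: a file named as RTF or .doc whose content carries HTML or script markup. The marker list, the function name and the sample files are assumptions constructed for illustration; the article does not describe the real file's contents.

```python
import re

RTF_MAGIC = b"{\\rtf"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc container
# Markup a genuine RTF/Word file has no reason to carry (assumed marker list).
ACTIVE_MARKUP = re.compile(rb"<\s*(script|hta:application|html|iframe)\b", re.I)


def inspect_document(name: str, data: bytes) -> list[str]:
    """Findings for a file whose name claims it is an RTF or .doc document."""
    if not name.lower().endswith((".rtf", ".doc")):
        return []
    findings = []
    body = data.lstrip(b"\xef\xbb\xbf \t\r\n")   # tolerate BOM / leading whitespace
    if body.startswith(OLE_MAGIC):
        return findings            # binary .doc: out of scope for this text check
    if not body.startswith(RTF_MAGIC):
        findings.append("missing-rtf-header")
    tags = sorted({m.group(1).lower().decode() for m in ACTIVE_MARKUP.finditer(body)})
    findings.extend(f"active-markup:{t}" for t in tags)
    return findings


# Constructed samples (not taken from any real attack file).
SAMPLES = {
    "invoice.rtf": b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Arial;}}\\f0 Hello\\par}",
    "update.rtf": b"{\\rtf1\\ansi filler}\n<HTML><script language=\"VBScript\">"
                  b"' placeholder body\n</script></HTML>",
    "notes.rtf": b"<html><body>plain page saved with the wrong name</body></html>",
    "readme.txt": b"<script>not checked: name does not claim RTF</script>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        result = inspect_document(name, data)
        print(f"{name:12} {'SUSPICIOUS' if result else 'ok':10} {', '.join(result)}")
```

A hit here is a reason to quarantine the file and inspect it further, not proof of compromise; a clean result does not make a document safe to open.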

Ali Raza
Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master's degree and actively writes about cybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of, too, a site dedicated to educating people on online privacy and spying.
