Microsoft Word Zero-Day Vulnerability

Six Degrees is aware that a new zero-day vulnerability has been reported in Microsoft Office. It can be exploited using a malicious Word document to enable code execution on a victim’s system, and it works even with macros disabled. If the document is changed to .rtf (Rich Text Format), the exploit can run from the preview pane of File Explorer, making this Word document a ‘zero-click exploit’. The vulnerability has been given a CVSS score of 7.8 (High).

The Word document itself does not contain any malicious code; instead, it references a remote template. As a result, standard antivirus software will not mark the document as a threat. We therefore advise our customers to remain vigilant for phishing attempts and not to click anything suspicious, as phishing has been identified as a point of entry.

Affected products:

  • Word 2013
  • Word 2016
  • Word 2019
  • Word 2021

No patch is currently available from Microsoft, but rest assured we will continue to monitor the situation.
