All Microsoft users need to be aware of a new threat that has been targeting fully-patched systems using a zero-day attack. This attack installs malware through an Office vulnerability. Until a patch to solve this issue has been released, we strongly recommended that you instruct your staff not to open or send Word documents via email.
In the short-term, Microsoft Office has a ‘Protected View’ setting that should be enabled by default. Take a moment to check that this feature is activated, and if you open a Word document and see a pop-up, it’s a strong indication that your system has been compromised. More than just being wary of Word documents sent to you by email, there are several other precautions we recommend you take:
- Make sure your team is aware of this threat and the risk level it presents
- Use an alternative method to share documents
- Use your email filtering solution to temporarily block Word documents
- If your systems are managed through an Active Directory, temporarily disable the Group Policy Object (GPO) that allows users to edit flagged files
- Enable the GPO that uses ‘File Block’ to temporarily block .rtf files completely, not even allowing them to open in ‘Protected View’
While as of right now there is no patch available to correct this vulnerability, Microsoft has stated that they are working on the issue. A fix is expected over the next day or so with the next batch of updates. In the meantime, use caution when opening email attachments, and avoid opening Word files sent to you if at all possible. Keep an eye out for communications from Microsoft, and be sure to install any updates the moment they’re made available to you.
If you have questions about this zero-day attack or want to learn more about how you can protect your business from these types of threats, get in touch with CTECH Consulting Group at info@ctechgroup.net or (403) 457-1478. We’re the IT professionals businesses in {city} trust.
My passion is to make my mark on the world in a positive and lasting way. I want to set an example for my son that his father can compete with integrity in today’s world, be very successful, and leave the world a better place for him.
Combining my technical/business-based education with a long career steadily progressing up the corporate ladder, I decided to build a company that held true to my values. So, I founded and designed the next generation of IT support firm: CTECH Consulting Group Inc. We are a completely automated, cloud-based IT company designed to compete against any other IT firm without the overhead. We promote a lifestyle to all our staff where they can work anywhere, at any time, access any information on any device that is relevant to their job, and collaborate with anyone they want to.