The following is an important advisory for all Microsoft® Office users about a new zero-day attack that installs malware onto fully patched systems running Microsoft’s operating system via an Office vulnerability.
We recommend refraining from sending or opening any Word documents via email at this time. Microsoft Office has a feature called “Protected View” that is enabled by default; however, you should double check your settings to make sure that this feature is turned on.
In addition to being highly suspicious of any Word document that arrives in an email, there are a few other things we’d recommend that you consider:
Warn your staff, and let them know of the heightened risk related to this attack right now, so they’ll be better prepared if they receive an email with one of these attachments.
Consider sharing documents through our file share program, ShareSync®, instead, which can mitigate the risk.
Within your email filtering solution, consider temporarily putting a policy in place to block Word documents, just until Microsoft releases the patch.
If you are managing your systems with Active Directory®, consider two Group Policy changes. First, temporarily enable the Group Policy Object (GPO) that disallows editing of flagged files; users will then have only read-only Protected View for any documents that Microsoft recognizes as unsafe. Second, within Trust Center, enable the GPO that uses File Block to block .rtf files, so that they cannot be opened even in “Protected View”.
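To confirm on a workstation that Protected View is still on and that the .rtf File Block policy has arrived, the following read-only PowerShell audit can be run as the logged-on user. It is an added example, not part of the original advisory; the registry paths, value names and Office version numbers in it are assumptions about where Word stores these settings and do not come from the advisory.

```powershell
# Added example: read-only audit of Word's Protected View and RTF File Block
# settings for the current user. Nothing is written to the registry.
# Assumption: 14.0 = Office 2010, 15.0 = Office 2013, 16.0 = Office 2016 and later.
$versions = '14.0', '15.0', '16.0'

function Get-Dword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

foreach ($v in $versions) {
    $user   = "HKCU:\Software\Microsoft\Office\$v\Word"
    $policy = "HKCU:\Software\Policies\Microsoft\Office\$v\Word"
    if (-not (Test-Path $user) -and -not (Test-Path $policy)) { continue }

    # Protected View stays on for a source unless its Disable* value is 1.
    # A policy (GPO) value takes precedence over the user's own setting.
    foreach ($name in 'DisableInternetFilesInPV',
                      'DisableAttachmentsInPV',
                      'DisableUnsafeLocationsInPV') {
        $val = Get-Dword "$policy\Security\ProtectedView" $name
        $src = 'policy'
        if ($null -eq $val) {
            $val = Get-Dword "$user\Security\ProtectedView" $name
            $src = 'user/default'
        }
        [pscustomobject]@{
            Office  = $v
            Setting = $name
            Source  = $src
            Status  = if ($val -eq 1) { 'Protected View DISABLED' } else { 'ok' }
        }
    }

    # File Block for .rtf: RtfFiles = 2 blocks open/save, and
    # OpenInProtectedView = 0 means blocked files are not opened at all.
    $rtf  = Get-Dword "$policy\Security\FileBlock" 'RtfFiles'
    $open = Get-Dword "$policy\Security\FileBlock" 'OpenInProtectedView'
    [pscustomobject]@{
        Office  = $v
        Setting = 'RTF File Block'
        Source  = 'policy'
        Status  = if ($rtf -eq 2 -and $open -eq 0) { 'ok' }
                  else { "not enforced (RtfFiles=$rtf, OpenInProtectedView=$open)" }
    }
}
```

Any row whose Status is not `ok` identifies a machine where the setting should be checked by hand in Word's Trust Center or where the GPO has not yet applied.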
There is currently no patch for this bug; however, Microsoft is expected to release a fix within its next round of security updates shortly. Be on the lookout for communications from Microsoft around this matter.
As always, call GSC IT Solutions at 485-7100 with any questions.