Security research team at Rhino Labs, a US-based cyber-security company, has discovered that malicious actors can use a lesser-known Microsoft Word feature called subDoc to trick Windows computers into handing over their NTLM credentials. Attackers can then use these logins to access the victim’s computer or network, posing as the original user. This type of hack is ideal for spear-phishing campaigns aimed at high-value targets, such as enterprises or government agencies. The fate of subDoc is unknown because this feature is not that useful for regular malware distribution campaigns.
Source: https://www.bleepingcomputer.com/news/security/microsoft-word-subdoc-feature-abused-to-steal-windows-credentials/