Microsoft officially published a patch on 11 of Apr 2017 on CVE-2017-0199. The vulnerability is possible to include OLEv2 links to existing documents. The OLE object needed to be activated automatically. The HTA file will not be persistent (to make it persistent you would have had to Link it with file + create icon but we want to be stealth and to have autorun right?) The solution is to create a dynamic OLE link for a real RTF file and modify the document at the source.”]
Source: https://securityaffairs.co/wordpress/58077/hacking/cve-2017-0199-exploitation-poc.html