A serious zero-day vulnerability (CVE-2017-0199) in Microsoft Office was publically disclosed last week. The flaw is an arbitrary code execution vulnerability in Office which manifests due to improper handling of Rich Text Format (RTF) files. Exploitation of this flaw has been observed in email-based attacks where adversaries bait users to open a specifically crafted document attached to the message. Given that this vulnerability continues to be actively being exploited, Talos strongly recommends all customers patch as soon as possible.”]
Source: https://blog.talosintelligence.com/2017/04/cve-2017-0199.html