McAfee and FireEye have disclosed a new Microsoft Office zero-day that allows attackers to silently execute code on targeted machines and secretly install malware. Microsoft is aware of the vulnerability, but it’s unlikely it will be able to deliver a patch until its next Patch Tuesday, which is scheduled in three days. McAfee researchers say they’ve detected attacks leveraging this unpatched vulnerability going back to January this year. The attack routine does not rely on enabling macros, so if you don’t see a warning for macro-laced documents, that doesn’t mean the document is safe.
Source: https://www.bleepingcomputer.com/news/security/attacks-detected-with-new-microsoft-office-zero-day/