Security hole known as CVE-2017-0199 first made headlines in early April. The vulnerability enables malicious actors to execute a Visual Basic script containing PowerShell commands when a user opens a Microsoft Office RTF document laden with an embedded exploit. Researchers observed attackers exploiting the bug to infect users with Dridex and other malware. Microsoft patched the vulnerability in its Patch Tuesday on 11 April 2017. It’s unclear which nation might have sponsored this malicious activity; users should avoid clicking on suspicious links and email attachments.”]
Source: https://grahamcluley.com/microsoft-zero-day-vulnerability-was-being-exploited-for-cyberespionage/