A zero-day vulnerability in Microsoft Office is being actively exploited by in-the-wild attacks. Microsoft plans to issue a related fix on April 11. McAfee was the first security firm to publicize the issue, followed by FireEye. The flaw is a “logical” bug that allows a malicious Word document to skirt around security protections built into Windows. The fix is effective against all versions of Microsoft Office on Windows, a security expert says. There is a workaround, McAfee says, but users might avoid opening any attachments in Word.”]
Source: https://www.cuinfosecurity.com/zero-day-attack-targets-microsoft-office-a-9821