A zero-day vulnerability in Microsoft Office is being actively exploited by in-the-wild attacks. Microsoft plans to issue a related fix on April 11. McAfee was the first security firm to publicize the issue, followed by FireEye. The flaw is a “logical” bug that allows a malicious Word document to skirt around security protections built into Windows. The attack neatly routes around some of Microsoft’s security protections, although FireEye says its systems can detect the malicious documents. Microsoft says customers who have updates enabled will be protected automatically.”]
Source: https://www.govinfosecurity.com/zero-day-attack-targets-microsoft-office-a-9821