A previously unknown bug in Microsoft Office has been spotted being actively exploited in the wild. The bug exists in the OLE file format and the way it s handled in Microsoft Word. It can be used to bypass security solutions and sandboxes. The flaw allows attackers to hide exploits in weaponized Word documents in a way that won t trigger most antivirus solutions, researchers said. Microsoft told the researchers that patching the problem is on the back burner; they didn’t specify which security solutions they re using.
Source: https://threatpost.com/zero-day-exploit-microsoft/142327/