No matter which version of Microsoft Word you are using, the program is currently considered to be a huge data security risk, since a new zero-day vulnerability was discovered recently and hackers are already taking advantage of it.
The vulnerability was previously undisclosed, and can be used to install all sorts of malware on your computer, even if your software and operating system are up-to-date.
Luckily, Microsoft is currently working on a patch that will be released this week.
Typically, users are warned about the dangers of macros that could potentially have malicious code in them. The reason why this vulnerability is so critical is that it does not even rely on macros.
Here is how it works. When a victim is tricked into opening a suspect Word document, your computer downloads a malicious HTML application disguised to look like a Rich Text document file. The HTML application then proceeds to download and install a malicious script that installs malware on your computer without you even knowing.
The vulnerability was first reported by McAfee on Friday. According to them, an attacker can execute code on the affected computer while evading memory-based mitigations, a mechanism designed to prevent similar types of attacks, which makes this vulnerability particularly alarming.
If you are interested in reading the full story with all the details, FireEye has posted a similar report on Saturday. You can find it by visiting their official website.
Microsoft’s spokesperson confirmed that the zero-day vulnerability will be patched in the next batch of security updates.