MS Office zero-day exploited in attacks – no enabling of macros required!

A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched Windows 10 machine. Even worse: targets do not have to anything except run a malicious file in order to get compromised, as the exploit doesn’t require them to enable macros or do anything else. The existence of the flaw was revealed by McAfee researchers on Friday, and confirmed by FireEye researchers on Saturday. The latter shared details about it with Microsoft weeks ago, and were waiting to publicly reveal the flaw once Microsoft pushed out a patch. The patch is still to be released.