New Hack: Don’t Open Word Docs

There’s a new, unpatched vulnerability in all versions of Microsoft Word on all versions of Windows. This vulnerability is essentially an open door to your computer for a hacker who knows how to find the door.

There is currently no fix available for this, although Microsoft is promising that a patch will be available on Tuesday, 4/11. Until your system is patched either manually or via automatic update, do NOT open any Word document directly on any Windows machine. This includes any version of Microsoft Word on any Windows operating system.

Here are some temporary workarounds:

1) Upload and open the file in Google Docs

2) Ask whoever sent you the Word doc to send you a PDF instead

3) Update your computer’s registry via these instructions (please do not do this unless you’ve updated your registry before)

This vulnerability works like this: A hacker sends an email that contains a Word document as an attachment.  The victim opens the Word document.  As soon as the document is opened, an embedded program in the Word document immediately does 2 things: 1) Downloads specific malware packages and installs them on your computer 2) opens up a fake word document to hide the first one.  Your computer is now compromised and the downloaded malware can do whatever the hacker wants it do to.  

Be careful!

[Source]