Hey everyone this is Alexandra Huft,
I wanted to let people know about a new issue that we’ve activated our Software Security Incident Response Process (SSIRP) for: we have some information we can share from the investigation so far and I wanted to share it with you.
We just posted Microsoft Security Advisory (932553). This involves an issue that is currently being exploited using Excel documents. However, the issue can affect all Office documents.
This is an issue that could allow an attacker to execute code on a user’s machine in their security context by convincing them to open a specially-crafted Office document.
We are aware of very limited, targeted attacks attempting to use the vulnerability reported.
As part of our investigation, we will be working with our MSRA partners to monitor and secure the ecosystem and will provide updates through the MSRC weblog or the advisory as new information develops.
*This posting is provided "AS IS" with no warranties, and confers no rights.*