Over the last few months it became evident: The attacks are moving up the stack. We see less and less attacks on the operating systems but much, much more on the application. This is a trend that was basically predicted and unfortunately in this case the prediction was true.
We suffered ourselves from this trend as well, as we saw more and more 0day-attacks appearing in Office. Now, there are two things you have to do, when these things happen: Fix every single problem appearing (issue Security Updates) and think about how to make the existing products more resilient against these kind of attacks knowing that you cannot fundamentally change the product itself.
This is the reason, why we decided to launch MOICE (Microsoft Office Isolated Conversion Environment) to help you to protect yourself better against these kind of attacks. Additionally, there is the File Block utility to block knowns malicious files.
You find the corresponding information here:
- Security Advisory: http://www.microsoft.com/technet/security/advisory/937696.mspx
- MOICE: http://support.microsoft.com/kb/935865
As part of your risk management process, you should definitely look into this