A yet-to-be-patched security hole in multiple versions of Word is being exploited in cyberattacks, Microsoft warned late on Tuesday.
The attacks are described as “limited”. The software maker is developing a security update that addresses the vulnerability, it said.
The vulnerability is similar to previous so-called zero-day flaws that have hit Office applications in recent months. An attacker could rig a Word file in such a way that he would gain complete control over a vulnerable PC when the file is opened, Microsoft said in its advisory.
An attacker could exploit the flaw by hosting a website with a malicious Word file or send an email with the file as an attachment. In all cases the target would have to open the file to be compromised, Microsoft said.