Microsoft Warns of Zero Day Attack via Office Files on Windows

September 8, 2021

Microsoft issued a warning that attackers are actively exploiting a previously unknown vulnerability in Windows versions 10, 8, 7, and many Windows Server versions. Opening a malicious Office document on the computer or server will install malware that can allow others to take control of the system. 

While there isn't a patch yet for the vulnerability, Microsoft has confirmed that following general best practices will prevent or mitigate an attack using the exploit: 

  • Check for and install any updates for Windows.* This will also update Microsoft Defender, the default anti-virus and security program on PCs.
  • Do not open unsolicited files, even if you trust the sender.
    • This exploit affects Office documents, which include Word/.docx, Excel/.xlsx, PowerPoint/.pptx, and other Microsoft 365/Office files.
    • Confirm with any known sender that they intended to send the file, using a verified contact method (i.e. call instead of replying to a message).
    • Use Protected View when opening an Office file.
  • Make sure you are not logged in to the computer with Administrative access*.
    1. Open Settings (press the Windows and i keys at the same time) and go to Accounts -> Your info
    2. Below your profile icon and name if it displays "Administrator" you are signed in with advanced access to the computer, which allows malware to run and install if opened.
      Sign out and sign back in with an account that only has Standard access, or follow instructions to create a local user account.

* Managed or workforce computers may not allow you to complete some steps. Please check with your Certified IT Group if you need assistance.