Computer viruses come in many forms. McAfee reported on Friday that it had identified a potential zero-day threat for Microsoft Office users.
The security firm detected a vulnerability in Microsoft Office and Word that lets hackers deliver malware to a user’s computer through a Word document. Files are delivered as rich text files with a .doc extension. When users open the file, they’re connected to a remote server, which downloads an HTML file.
That content is “disguised as a normal RTF file to evade security products, but we can find the malicious Visual Basic scripts in a later part of the file,” according to McAfee.
All versions of Office are susceptible to this attack, McAfee found, including the latest version of Office on Windows 10. The problem is rooted in object linking and embedding in Office.