Hackers are targeting a newly discovered zero-day vulnerability in Microsoft's Word and Outlook services, according to security firm Qualys.
Qualys CTO Wolfgang Kandek revealed the attack in a blog post, warning businesses that a successful attack could grant hackers remote access to their systems.
"The vulnerability CVE-2014-1761 is in the file format parser for RTF (Rich Text Format) and could be used by an attacker to gain remote access to the targeted system. The attack vector is a document in RTF format that the victim would have to open with Word," read the post.
"If the target uses Outlook 2007, 2010 or 2013 for email, please be aware that Word is the default viewer for emails, and that even looking at the email in the preview pane could lead to an infection through this attack."
Kandek said the vulnerability is particularly troubling as it affects Apple Mac systems running Microsoft Office for the Mac 201 as well as Windows systems.
Microsoft has since released an emergency workaround for the vulnerability on its TechNet blog.
"Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010," read the advisory.
"To facilitate deployment of the first workaround, we are providing a Fix it automated tool. The fix uses Office's file block feature and adds few registry keys to prevent opening of RTF files in all Word versions."
Kandek praised Microsoft for its rapid response, confirming that the temporary fix does effectively mitigate the exploit. "It seems that EMET ASLR enforcements efficiently counters the exploit. Good stuff," he said.
The Word and Outlook attack is one of many advanced threats uncovered targeting Microsoft services in recent months. Microsoft was forced to release an emergency fix for a vulnerability in Internet Explorer known to have been targeted by hackers earlier in March.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago