Users of Microsoft Office are being warned of a new zero-day security flaw that has been exploited since at least January.
The security flaw enables attackers to covertly install malware on PCs by exploiting flaws in Microsoft's Object Linking and Embedding (OLE) technology.
Security researchers at McAfee have been first off the mark among security vendors, publishing a blog post on the vulnerability over the weekend.
The security group claims that it intercepted suspicious Microsoft Word Rich Text Format (RTF) documents that run the exploit when opened. The exploit connects to a remote server in the background and downloads a file containing HTML application content that looks like a Microsoft document, but is executed as an .hta file.
The .hta file enables the attacker to gain full administrator rights on the victim's machine.
"The successful exploit closes the 'bait' Word document, and pops up a fake one to show the victim. In the background, the malware has already been stealthily installed on the victim's system," McAfee warned.
It added that the root cause of the zero-day vulnerability is related to the Windows OLE feature, which Microsoft Office takes advantage of.
Security researchers at FireEye said that they also recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. They added that the vulnerability enables attackers to download and execute malware payloads from different well-known malware families.
The security company said it had been in contact with Microsoft about the vulnerability for several weeks, but did not publicly disclose any details until McAfee decided to reveal all in its blog post.
Microsoft is likely to release a security update along with its next batch of updates, scheduled for this Tuesday.
In the meantime, McAfee warns users not to open Office files obtained from untrusted sources. It added that the attack cannot bypass Office Protected View, and suggested that all users turn this feature on.
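One way to triage RTF attachments of the kind described above, added here as an example and not taken from McAfee, FireEye or Microsoft: it lists OLE object control words and extracts URLs stored in embedded object data. The control words (`\object`, `\objdata`, `\objautlink`, `\objupdate`) come from the RTF specification rather than the article, and the sample document and URL are constructed.

```python
import re

# RTF control words that mark an embedded or linked OLE object (RTF specification).
CTRL = re.compile(rb"\\(object|objautlink|objupdate|objdata)(?![a-z])")
# Hex payload after \objdata, up to the next brace or control word.
OBJDATA = re.compile(rb"\\objdata(?![a-z])([^{}\\]*)")
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")


def triage_rtf(data: bytes) -> dict:
    """Report OLE object markers and any URLs stored inside object data."""
    # Match the header loosely rather than requiring an exact "{\rtf1".
    if not data.lstrip().startswith(b"{\\rt"):
        return {"is_rtf": False, "control_words": [], "urls": [], "needs_review": False}
    words = sorted({m.group(1).decode() for m in CTRL.finditer(data)})
    urls = set()
    for m in OBJDATA.finditer(data):
        # Keep only hex digits, drop a dangling nibble, then decode to bytes.
        hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", m.group(1))
        raw = bytes.fromhex(hexchars[: len(hexchars) // 2 * 2].decode())
        urls.update(u.decode() for u in URL_ASCII.findall(raw))
        urls.update(u.decode("utf-16-le") for u in URL_UTF16.findall(raw))
    return {
        "is_rtf": True,
        "control_words": words,
        "urls": sorted(urls),
        # An auto-updating link or a URL inside object data deserves a closer look.
        "needs_review": bool(urls) or "objautlink" in words,
    }


# Constructed sample (not a real document): filler bytes plus a placeholder URL.
_blob = b"\x01\x05\x00\x00" + "http://files.example.invalid/update.hta".encode("utf-16-le") + b"\x00\x00"
SAMPLE = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate{\\*\\objdata "
          + _blob.hex().encode() + b"}}Quarterly report}")
BENIGN = b"{\\rtf1\\ansi Plain memo with no embedded objects.}"

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, triage_rtf(doc))
```

A clean result is not proof of safety: object data can be split or obfuscated in ways this parser does not normalise.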