I received the following message from the State of Connecticut Department of Information Technology (DOIT) concerning Microsoft Word document attachments to emails you may receive.
As of this writing, Microsoft has acknowledged the existence of two “zero day” vulnerabilities effecting multiple versions of Microsoft Word. “Zero Day” means there is no remediation strategy available at this time. A number of monitoring organizations have categorized these vulnerabilities as extremely critical.
DOIT recommends the following actions:
** Do not open Word documents attached to e-mail messages from anyone you do not know.
** Do not open Word files posted to untrusted Web sites.
** Spread the word ... be sure coworkers, family members and friends are aware of the vulnerability.
DOIT will continue to provide updates as new information is provided.
If you receive a word document attachment in an e-mail from someone you are not familiar with, but believe the e-mail is legitimate, we strongly recommend that you
1) Do not open the attachment
2) Respond to the sender that due to a security vulnerability, you must request they resend the content of the document without the attachment. They may do so by “cutting and pasting” the content of the document into the body of the e-mail itself or faxing the document.