Anatomy of a malicious email: Crooks exploiting recent Word hole by Paul Ducklin.
From the post:
SophosLabs has drawn our attention to a new wave of malware attacks using a recent security bug in Microsoft Word.
The bug, known as CVE-2015-1641, was patched by Microsoft back in April 2015 in security bulletin MS15-033.
The vulnerability was declared to be “publicly disclosed,” meaning that its use wasn’t limited only to the sort of crooks who hang out in underground exploit forums.
Of course, turning a potential Remote Code Execution (RCE) vulnerability into a reliably-working exploit isn’t always as easy as it sounds, but that has happened here.
Here’s how the new attacks go down.
…
Paul does a great job of covering the details of this attack and of Word attachment attacks in general. Highly recommended reading.
He closes with security suggestions, and there is one in particular I want to call to your attention:
Avoid opening unexpected or unsolicited attachments.
Write that down!
I don’t care if the president of the enterprise allegedly wrote to you (why would he?).
If it is unexpected/unsolicited, don’t open it.
If you think it is important, call to verify its sender.
It is not a perfect defense, because a legitimate sender may be infected, but it will get you past one entire category of vulnerabilities.