A zero-day vulnerability in Microsoft Office is being actively exploited by in-the-wild attacks, multiple security companies warn. Microsoft plans to issue a related fix on April 11.
McAfee was the first security firm to publicize the issue, followed by FireEye.
Rather than this being a pure software vulnerability, McAfee characterizes the flaw as a “logical” bug that allows a malicious Word document to skirt around security protections built into Windows.